Argo Workflows
Argo Workflow configuration file
| Type | object |
|---|---|
| Schema URL | https://catalog.lintel.tools/schemas/schemastore/argo-workflows/latest.json |
| Source | https://raw.githubusercontent.com/argoproj/argo-workflows/master/api/jsonschema/schema.json |
Validate with Lintel
npx @lintel/lintel checkOne of
Definitions
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
36 nested properties
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
36 nested properties
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
36 nested properties
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
5 nested properties
4 nested properties
1 nested properties
1 nested properties
6 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
FunctionName refers to the name of the function to invoke.
Choose from the following options.
-
RequestResponse (default) - Invoke the function synchronously. Keep the connection open until the function returns a response or times out. The API response includes the function response and additional data.
-
Event - Invoke the function asynchronously. Send events that fail multiple times to the function's dead-letter queue (if it's configured). The API response only includes a status code.
-
DryRun - Validate parameter values and verify that the user or role has permission to invoke the function. +optional
Payload is the list of key-value extracted from an event payload to construct the request payload.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Amount represent a numeric amount.
7 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
1 nested properties
10 nested properties
Directory to clone the repository. We clone complete directory because GitArtifact is not limited to any specific Git service providers. Hence we don't use any specific git provider client.
SecretKeySelector selects a key of a Secret.
K8SResource represent arbitrary structured data.
1 nested properties
10 nested properties
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
URLArtifact contains information about an artifact at an HTTP endpoint.
2 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
1 nested properties
10 nested properties
Directory to clone the repository. We clone complete directory because GitArtifact is not limited to any specific Git service providers. Hence we don't use any specific git provider client.
2 nested properties
Name of the remote to fetch from.
URLs the URLs of a remote repository. It must be non-empty. Fetch will always use the first URL, while push will use all of them.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
K8SResource represent arbitrary structured data.
1 nested properties
10 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URLArtifact contains information about an artifact at an HTTP endpoint.
2 nested properties
Payload is the list of key-value extracted from an event payload to construct the request payload.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
DeferDelete controls when messages are removed from Azure Service Bus. If false (default), messages are received and deleted immediately before processing. If true, messages are locked and only deleted after successful processing, ensuring they are not lost if processing fails.
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Payload is the list of key-value extracted from an event payload to construct the request payload.
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Events this webhook is subscribed to.
1 nested properties
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
BitbucketServerBaseURL is the base URL for API requests to a custom endpoint.
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ProjectKey is the key of project for which integration needs to set up.
RepositorySlug is the slug of the repository for which integration needs to set up.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
2 nested properties
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
CustomTrigger refers to the specification of the custom trigger.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Parameters is the list of parameters that is applied to resolved custom trigger trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
ServerNameOverride for the secure connection between sensor and custom trigger gRPC server.
Spec is the custom trigger resource specification that custom trigger gRPC server knows how to interpret.
DataFilter describes constraints and filters for event data.
Comparator compares the event data with a user given value. Can be ">=", ">", "=", "!=", "<", or "<=". Is optional, and if left blank treated as equality "=".
Path is the JSONPath of the event's (JSON decoded) data key. Path is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
Value is the allowed string values for this key. Booleans are parsed using strconv.ParseBool(), Numbers are parsed as float64 using strconv.ParseFloat(), Strings are treated as regular expressions, Nils value is ignored.
EmailTrigger refers to the specification of the email notification trigger.
Host refers to the smtp host url to which email is send.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Broker URI to connect to.
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
DataContentType - A MIME (RFC2046) string describing the media type of data.
ID of the event; must be non-empty and unique within the scope of the producer.
Source - A URI describing the event producer.
SpecVersion - The version of the CloudEvents specification used by the io.argoproj.workflow.v1alpha1.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Type - The type of the occurrence which has happened.
EventDependencyFilter defines filters and constraints for a io.argoproj.workflow.v1alpha1.
7 nested properties
7 nested properties
DataContentType - A MIME (RFC2046) string describing the media type of data.
ID of the event; must be non-empty and unique within the scope of the producer.
Source - A URI describing the event producer.
SpecVersion - The version of the CloudEvents specification used by the io.argoproj.workflow.v1alpha1.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Type - The type of the occurrence which has happened.
DataLogicalOperator defines how multiple Data filters (if defined) are evaluated together. Available values: and (&&), or (||) Is optional and if left blank treated as and (&&).
ExprLogicalOperator defines how multiple Exprs filters (if defined) are evaluated together. Available values: and (&&), or (||) Is optional and if left blank treated as and (&&).
Exprs contains the list of expressions evaluated against the event payload.
Script refers to a Lua script evaluated to determine the validity of an io.argoproj.workflow.v1alpha1.
TimeFilter describes a window in time. It filters out events that occur outside the time limits. In other words, only events that occur after Start and before Stop will pass this filter.
3 nested properties
Start is the beginning of a time window in UTC. Before this time, events for this dependency are ignored. Format is hh:mm:ss.
Stop is the end of a time window in UTC. After or equal to this time, events for this dependency are ignored and Format is hh:mm:ss. If it is smaller than Start, it is treated as next day of Start (e.g.: 22:00:00-01:00:00 means 22:00:00-25:00:00).
FiltersLogicalOperator defines how different filters are evaluated together. Available values: and (&&), or (||) Is optional and if left blank treated as and (&&).
2 nested properties
EventDependencyFilter defines filters and constraints for a io.argoproj.workflow.v1alpha1.
7 nested properties
DataContentType - A MIME (RFC2046) string describing the media type of data.
ID of the event; must be non-empty and unique within the scope of the producer.
Source - A URI describing the event producer.
SpecVersion - The version of the CloudEvents specification used by the io.argoproj.workflow.v1alpha1.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Type - The type of the occurrence which has happened.
DataLogicalOperator defines how multiple Data filters (if defined) are evaluated together. Available values: and (&&), or (||) Is optional and if left blank treated as and (&&).
ExprLogicalOperator defines how multiple Exprs filters (if defined) are evaluated together. Available values: and (&&), or (||) Is optional and if left blank treated as and (&&).
Exprs contains the list of expressions evaluated against the event payload.
Script refers to a Lua script evaluated to determine the validity of an io.argoproj.workflow.v1alpha1.
TimeFilter describes a window in time. It filters out events that occur outside the time limits. In other words, only events that occur after Start and before Stop will pass this filter.
3 nested properties
Start is the beginning of a time window in UTC. Before this time, events for this dependency are ignored. Format is hh:mm:ss.
Stop is the end of a time window in UTC. After or equal to this time, events for this dependency are ignored and Format is hh:mm:ss. If it is smaller than Start, it is treated as next day of Start (e.g.: 22:00:00-01:00:00 means 22:00:00-25:00:00).
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
36 nested properties
3 nested properties
11 nested properties
Affinity is a group of affinity scheduling rules.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
3 nested properties
2 nested properties
11 nested properties
Affinity is a group of affinity scheduling rules.
6 nested properties
ResourceRequirements describes the compute resource requirements.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
2 nested properties
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
Expr refers to the expression that determines the outcome of the filter.
Fields refers to set of keys that refer to the paths within event payload.
GenericEventSource refers to a generic event source. It can be used to implement a custom event source.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
Insecure determines the type of connection.
URL of the gRPC server that implements the event source.
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
List of project namespace paths like "whynowy/test".
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
Directory to clone the repository. We clone complete directory because GitArtifact is not limited to any specific Git service providers. Hence we don't use any specific git provider client.
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
Name of the remote to fetch from.
URLs the URLs of a remote repository. It must be non-empty. Fetch will always use the first URL, while push will use all of them.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Name of the remote to fetch from.
URLs the URLs of a remote repository. It must be non-empty. Fetch will always use the first URL, while push will use all of them.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
3 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Organizations holds the names of organizations (used for organization level webhooks). Not required if Repositories is set.
Repositories holds the information of repositories, which uses repo owner as the key, and list of repo names as the value. Not required if Organizations is set.
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Events are gitlab event to listen to. Refer https://github.com/xanzy/go-gitlab/blob/bf34eca5d13a9f4c3f501d8a97b8ac226d55e4d9/projects.go#L794.
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
1 nested properties
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
3 nested properties
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Parameters is the list of key-value extracted from event's payload that are applied to the HTTP trigger resource.
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL refers to the URL to send HTTP request to.
K8SResource represent arbitrary structured data.
Yaml format Sarama config for Kafka connection. It follows the struct of sarama.Config. See https://github.com/IBM/sarama/blob/main/config.go e.g.
consumer: fetch: min: 1 net: MaxOpenRequests: 5
+optional
3 nested properties
1 nested properties
3 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KafkaTrigger refers to the specification of the Kafka trigger.
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
The partitioning key for the messages put on the Kafka topic. +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
RequiredAcks used in producer to tell the broker how many replica acknowledgements Defaults to 1 (Only wait for the leader to ack). +optional.
3 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL of the Kafka broker, multiple URLs separated by comma.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
4 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
NATSTrigger refers to the specification of the NATS trigger.
4 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Name of the subject to put message on.
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL of the NATS cluster.
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Topic to subscribe to.
OpenWhiskTrigger refers to the specification of the OpenWhisk trigger.
Name of the action/function.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Host URL of the OpenWhisk.
Namespace for the action. Defaults to "_". +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
PayloadField binds a value at path within the event payload against a name.
Name acts as key that holds the value at the path.
Path is the JSONPath of the event's (JSON decoded) data key Path is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
PubSubEventSource refers to event-source for GCP PubSub related events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
PulsarTrigger refers to the specification of the Pulsar trigger.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Streams to look for entries. XREADGROUP is used on all streams using a single consumer group.
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ResourceEventSource refers to a event-source for K8s resource related events.
EventTypes is the list of event type to watch. Possible values are - ADD, UPDATE and DELETE.
5 nested properties
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
+protobuf.options.(gogoproto.goproto_stringer)=false
3 nested properties
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SFTPEventSource describes an event-source for sftp related events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
3 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
WaitTimeSeconds is The duration (in seconds) for which the call waits for a message to arrive in the queue before returning.
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Schema Registry URL.
2 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selector represents conditional operation to select K8s objects.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
8 nested properties
Dependencies is a list of the events that this sensor is dependent on.
ErrorOnFailedRound if set to true, marks sensor state as error if the previous trigger round fails.
Once sensor state is set to error, no further triggers will be processed.
11 nested properties
Affinity is a group of affinity scheduling rules.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
Triggers is a list of the things that this sensor evokes. These are the outputs from this sensor.
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
Dependencies is a list of the events that this sensor is dependent on.
ErrorOnFailedRound if set to true, marks sensor state as error if the previous trigger round fails.
Once sensor state is set to error, no further triggers will be processed.
11 nested properties
Affinity is a group of affinity scheduling rules.
6 nested properties
ResourceRequirements describes the compute resource requirements.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
2 nested properties
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
Triggers is a list of the things that this sensor evokes. These are the outputs from this sensor.
SensorStatus contains information about the status of a sensor.
2 nested properties
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SlackTrigger refers to the specification of the slack notification trigger.
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
Parameters is the list of parameters that is applied to resolved K8s trigger object.
7 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
1 nested properties
10 nested properties
Directory to clone the repository. We clone complete directory because GitArtifact is not limited to any specific Git service providers. Hence we don't use any specific git provider client.
SecretKeySelector selects a key of a Secret.
K8SResource represent arbitrary structured data.
1 nested properties
10 nested properties
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
URLArtifact contains information about an artifact at an HTTP endpoint.
2 nested properties
Status is a common structure which can be used for Status field.
APIURL is the url of the storagegrid api.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Name of the bucket to register notifications for.
2 nested properties
TLSConfig refers to TLS configuration for a client.
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
TLSConfig refers to TLS configuration for a client.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Affinity is a group of affinity scheduling rules.
3 nested properties
Node affinity is a group of node affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
Pod affinity is a group of inter pod affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
6 nested properties
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
Adds and removes POSIX capabilities from running containers.
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
2 nested properties
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
TimeFilter describes a window in time. It filters out events that occur outside the time limits. In other words, only events that occur after Start and before Stop will pass this filter.
Start is the beginning of a time window in UTC. Before this time, events for this dependency are ignored. Format is hh:mm:ss.
Stop is the end of a time window in UTC. After or equal to this time, events for this dependency are ignored and Format is hh:mm:ss. If it is smaller than Start, it is treated as next day of Start (e.g.: 22:00:00-01:00:00 means 22:00:00-25:00:00).
7 nested properties
2 nested properties
TriggerTemplate is the template that describes trigger specification.
17 nested properties
CustomTrigger refers to the specification of the custom trigger.
EmailTrigger refers to the specification of the email notification trigger.
KafkaTrigger refers to the specification of the Kafka trigger.
Name is a unique name of the action to take.
NATSTrigger refers to the specification of the NATS trigger.
OpenWhiskTrigger refers to the specification of the OpenWhisk trigger.
PulsarTrigger refers to the specification of the Pulsar trigger.
SlackTrigger refers to the specification of the slack notification trigger.
2 nested properties
TriggerTemplate is the template that describes trigger specification.
17 nested properties
8 nested properties
SecretKeySelector selects a key of a Secret.
FunctionName refers to the name of the function to invoke.
Choose from the following options.
-
RequestResponse (default) - Invoke the function synchronously. Keep the connection open until the function returns a response or times out. The API response includes the function response and additional data.
-
Event - Invoke the function asynchronously. Send events that fail multiple times to the function's dead-letter queue (if it's configured). The API response only includes a status code.
-
DryRun - Validate parameter values and verify that the user or role has permission to invoke the function. +optional
Payload is the list of key-value extracted from an event payload to construct the request payload.
SecretKeySelector selects a key of a Secret.
7 nested properties
CustomTrigger refers to the specification of the custom trigger.
7 nested properties
SecretKeySelector selects a key of a Secret.
Parameters is the list of parameters that is applied to resolved custom trigger trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
ServerNameOverride for the secure connection between sensor and custom trigger gRPC server.
Spec is the custom trigger resource specification that custom trigger gRPC server knows how to interpret.
EmailTrigger refers to the specification of the email notification trigger.
9 nested properties
Host refers to the smtp host url to which email is send.
SecretKeySelector selects a key of a Secret.
11 nested properties
Parameters is the list of key-value extracted from event's payload that are applied to the HTTP trigger resource.
TLSConfig refers to TLS configuration for a client.
URL refers to the URL to send HTTP request to.
5 nested properties
Parameters is the list of parameters that is applied to resolved K8s trigger object.
KafkaTrigger refers to the specification of the Kafka trigger.
15 nested properties
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
The partitioning key for the messages put on the Kafka topic. +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
RequiredAcks used in producer to tell the broker how many replica acknowledgements Defaults to 1 (Only wait for the leader to ack). +optional.
TLSConfig refers to TLS configuration for a client.
URL of the Kafka broker, multiple URLs separated by comma.
1 nested properties
Name is a unique name of the action to take.
NATSTrigger refers to the specification of the NATS trigger.
OpenWhiskTrigger refers to the specification of the OpenWhisk trigger.
7 nested properties
Name of the action/function.
SecretKeySelector selects a key of a Secret.
Host URL of the OpenWhisk.
Namespace for the action. Defaults to "_". +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
PulsarTrigger refers to the specification of the Pulsar trigger.
12 nested properties
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
TLSConfig refers to TLS configuration for a client.
SecretKeySelector selects a key of a Secret.
Dest is the JSONPath of a resource key. A path is a series of keys separated by a dot. The colon character can be escaped with '.' The -1 key can be used to append a value to an existing array. See https://github.com/tidwall/sjson#path-syntax for more information about how this is used.
Operation is what to do with the existing value at Dest, whether to 'prepend', 'overwrite', or 'append' it.
7 nested properties
ContextKey is the JSONPath of the event's (JSON decoded) context key ContextKey is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
DataKey is the JSONPath of the event's (JSON decoded) data key DataKey is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
DependencyName refers to the name of the dependency. The event which is stored for this dependency is used as payload for the parameterization. Make sure to refer to one of the dependencies you have defined under Dependencies list.
Value is the default literal value to use for this parameter source This is only used if the DataKey is invalid. If the DataKey is invalid and this is not defined, this param source will produce an error.
ContextKey is the JSONPath of the event's (JSON decoded) context key ContextKey is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
DataKey is the JSONPath of the event's (JSON decoded) data key DataKey is a series of keys separated by a dot. A key may contain wildcard characters '*' and '?'. To access an array value use the index as the key. The dot and wildcard characters can be escaped with '\'. See https://github.com/tidwall/gjson#path-syntax for more information on how to use this.
DependencyName refers to the name of the dependency. The event which is stored for this dependency is used as payload for the parameterization. Make sure to refer to one of the dependencies you have defined under Dependencies list.
Value is the default literal value to use for this parameter source This is only used if the DataKey is invalid. If the DataKey is invalid and this is not defined, this param source will produce an error.
TriggerTemplate is the template that describes trigger specification.
4 nested properties
8 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
FunctionName refers to the name of the function to invoke.
Choose from the following options.
-
RequestResponse (default) - Invoke the function synchronously. Keep the connection open until the function returns a response or times out. The API response includes the function response and additional data.
-
Event - Invoke the function asynchronously. Send events that fail multiple times to the function's dead-letter queue (if it's configured). The API response only includes a status code.
-
DryRun - Validate parameter values and verify that the user or role has permission to invoke the function. +optional
Payload is the list of key-value extracted from an event payload to construct the request payload.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
6 nested properties
Payload is the list of key-value extracted from an event payload to construct the request payload.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
7 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Payload is the list of key-value extracted from an event payload to construct the request payload.
TLSConfig refers to TLS configuration for a client.
CustomTrigger refers to the specification of the custom trigger.
7 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Parameters is the list of parameters that is applied to resolved custom trigger trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
ServerNameOverride for the secure connection between sensor and custom trigger gRPC server.
Spec is the custom trigger resource specification that custom trigger gRPC server knows how to interpret.
EmailTrigger refers to the specification of the email notification trigger.
9 nested properties
Host refers to the smtp host url to which email is send.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
11 nested properties
Parameters is the list of key-value extracted from event's payload that are applied to the HTTP trigger resource.
TLSConfig refers to TLS configuration for a client.
URL refers to the URL to send HTTP request to.
5 nested properties
Parameters is the list of parameters that is applied to resolved K8s trigger object.
KafkaTrigger refers to the specification of the Kafka trigger.
15 nested properties
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
The partitioning key for the messages put on the Kafka topic. +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
RequiredAcks used in producer to tell the broker how many replica acknowledgements Defaults to 1 (Only wait for the leader to ack). +optional.
3 nested properties
TLSConfig refers to TLS configuration for a client.
URL of the Kafka broker, multiple URLs separated by comma.
1 nested properties
Name is a unique name of the action to take.
NATSTrigger refers to the specification of the NATS trigger.
OpenWhiskTrigger refers to the specification of the OpenWhisk trigger.
7 nested properties
Name of the action/function.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Host URL of the OpenWhisk.
Namespace for the action. Defaults to "_". +optional.
Payload is the list of key-value extracted from an event payload to construct the request payload.
PulsarTrigger refers to the specification of the Pulsar trigger.
12 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Parameters is the list of parameters that is applied to resolved Kafka trigger object.
Payload is the list of key-value extracted from an event payload to construct the request payload.
TLSConfig refers to TLS configuration for a client.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SlackTrigger refers to the specification of the slack notification trigger.
8 nested properties
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
2 nested properties
URLArtifact contains information about an artifact at an HTTP endpoint.
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
1 nested properties
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Port on which HTTP server is listening for incoming events.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
URL is the url of the server.
Amount represent a numeric amount.
ArchiveStrategy describes how to archive files/directory when saving artifacts
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
TarStrategy will tar and gzip the file or directory when saving
1 nested properties
CompressionLevel specifies the gzip compression level to use for the artifact. Defaults to gzip.DefaultCompression.
ZipStrategy will unzip zipped input artifacts
Arguments to a template
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
ArtGCStatus maintains state related to ArtifactGC
if this is true, we already checked to see if we need to do it and we don't
have completed Pods been processed? (mapped by Pod name) used to prevent re-processing the Status of a Pod more than once
have Pods been started to perform this strategy? (enables us not to re-process what we've already done)
Artifact indicates an artifact to place at a specified path
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
3 nested properties
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
TarStrategy will tar and gzip the file or directory when saving
1 nested properties
CompressionLevel specifies the gzip compression level to use for the artifact. Defaults to gzip.DefaultCompression.
ZipStrategy will unzip zipped input artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
3 nested properties
Pod metadata
2 nested properties
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
ArtifactoryArtifact is the location of an artifactory artifact
3 nested properties
URL of the artifact
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
3 nested properties
Headers are an optional list of headers to send with HTTP requests for artifacts
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
SubPath allows an artifact to be sourced from a subpath within the specified source
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
Pod metadata
2 nested properties
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
ArchiveLogs indicates if the container logs should be archived
ArtifactoryArtifact is the location of an artifactory artifact
3 nested properties
URL of the artifact
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
3 nested properties
Headers are an optional list of headers to send with HTTP requests for artifacts
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
ArtifactPaths expands a step from a collection of artifacts
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
3 nested properties
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
TarStrategy will tar and gzip the file or directory when saving
1 nested properties
CompressionLevel specifies the gzip compression level to use for the artifact. Defaults to gzip.DefaultCompression.
ZipStrategy will unzip zipped input artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
3 nested properties
Pod metadata
2 nested properties
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
ArtifactoryArtifact is the location of an artifactory artifact
3 nested properties
URL of the artifact
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
3 nested properties
Headers are an optional list of headers to send with HTTP requests for artifacts
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
SubPath allows an artifact to be sourced from a subpath within the specified source
ArtifactRepository represents an artifact repository in which a controller will store its artifacts
ArchiveLogs enables log archiving
ArtifactoryArtifactRepository defines the controller configuration for an artifactory artifact repository
4 nested properties
KeyFormat defines the format of how to store keys and can reference workflow variables.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
RepoURL is the url for artifactory repo.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
AzureArtifactRepository defines the controller configuration for an Azure Blob Storage artifact repository
5 nested properties
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
BlobNameFormat is defines the format of how to store blob names. Can reference workflow variables
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
GCSArtifactRepository defines the controller configuration for a GCS artifact repository
3 nested properties
Bucket is the name of the bucket
KeyFormat defines the format of how to store keys and can reference workflow variables.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
HDFSArtifactRepository defines the controller configuration for an HDFS artifact repository
11 nested properties
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
PathFormat is defines the format of path to store a file. Can reference workflow variables
OSSArtifactRepository defines the controller configuration for an OSS artifact repository
9 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
KeyFormat defines the format of how to store keys and can reference workflow variables.
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
PluginArtifactRepository defines the controller configuration for a plugin artifact repository
3 nested properties
S3ArtifactRepository defines the controller configuration for an S3 artifact repository
14 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
KeyFormat defines the format of how to store keys and can reference workflow variables.
KeyPrefix is prefix used as part of the bucket key in which the controller will store artifacts.
Deprecated: Use KeyFormat instead.
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
ArtifactRepository represents an artifact repository in which a controller will store its artifacts
8 nested properties
ArchiveLogs enables log archiving
ArtifactoryArtifactRepository defines the controller configuration for an artifactory artifact repository
4 nested properties
AzureArtifactRepository defines the controller configuration for an Azure Blob Storage artifact repository
5 nested properties
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
BlobNameFormat is defines the format of how to store blob names. Can reference workflow variables
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
GCSArtifactRepository defines the controller configuration for a GCS artifact repository
3 nested properties
Bucket is the name of the bucket
KeyFormat defines the format of how to store keys and can reference workflow variables.
SecretKeySelector selects a key of a Secret.
HDFSArtifactRepository defines the controller configuration for an HDFS artifact repository
11 nested properties
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
Selects a key from a ConfigMap.
SecretKeySelector selects a key of a Secret.
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
PathFormat is defines the format of path to store a file. Can reference workflow variables
OSSArtifactRepository defines the controller configuration for an OSS artifact repository
9 nested properties
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
KeyFormat defines the format of how to store keys and can reference workflow variables.
OSSLifecycleRule specifies how to manage bucket's lifecycle
SecretKeySelector selects a key of a Secret.
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
PluginArtifactRepository defines the controller configuration for a plugin artifact repository
3 nested properties
S3ArtifactRepository defines the controller configuration for an S3 artifact repository
14 nested properties
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
S3EncryptionOptions used to determine encryption options during s3 operations
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
KeyFormat defines the format of how to store keys and can reference workflow variables.
KeyPrefix is prefix used as part of the bucket key in which the controller will store artifacts.
Deprecated: Use KeyFormat instead.
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
The name of the config map. Defaults to "artifact-repositories".
If this ref represents the default artifact repository, rather than a config map.
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
The namespace of the config map. Defaults to the workflow's namespace, or the controller's namespace (if found).
ArtifactoryArtifact is the location of an artifactory artifact
URL of the artifact
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ArtifactoryArtifactRepository defines the controller configuration for an artifactory artifact repository
KeyFormat defines the format of how to store keys and can reference workflow variables.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
RepoURL is the url for artifactory repo.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
AzureArtifact is the location of an Azure Storage artifact
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
AzureArtifactRepository defines the controller configuration for an Azure Blob Storage artifact repository
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
BlobNameFormat is defines the format of how to store blob names. Can reference workflow variables
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Backoff is a backoff strategy to use within retryStrategy
Cap is a limit on revised values of the duration parameter. If a multiplication by the factor parameter would make the duration exceed the cap then the duration is set to the cap
Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
MaxDuration is the maximum amount of time allowed for a workflow in the backoff strategy. It is important to note that if the workflow template includes activeDeadlineSeconds, the pod's deadline is initially set with activeDeadlineSeconds. However, when the workflow fails, the pod's deadline is then overridden by maxDuration. This ensures that the workflow does not exceed the specified maximum duration when retries are involved.
BasicAuth describes the secret selectors required for basic authentication
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Cache is the configuration for the type of cache to be used
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
ClientCertAuth holds necessary information for client authentication via certificates
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ClusterWorkflowTemplate is the definition of a workflow template resource in cluster scope
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
Data is a data template
ExecutorConfig holds configurations of an executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Memoization enables caching for the Outputs of the template
Pod metadata
Metrics are a list of metrics emitted from a Workflow/Template
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
RetryStrategy provides controls on how to retry a workflow step
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Synchronization holds synchronization lock configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CreateOptions may be provided when creating an API object.
3 nested properties
ClusterWorkflowTemplate is the definition of a workflow template resource in cluster scope
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CreateOptions may be provided when creating an API object.
3 nested properties
ClusterWorkflowTemplate is the definition of a workflow template resource in cluster scope
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
ClusterWorkflowTemplateList is list of ClusterWorkflowTemplate resources
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
DEPRECATED: This field is ignored.
ClusterWorkflowTemplate is the definition of a workflow template resource in cluster scope
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Column is a custom column that will be exposed in the Workflow List View.
The key of the label or annotation, e.g., "workflows.argoproj.io/completed".
The name of this column, e.g., "Workflow Completed".
The type of this column, "label" or "annotation".
Message is the condition message
Status is the status of the condition
Type is the type of condition
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
ContainerSetRetryStrategy provides controls on how to retry a container set
Duration is the time between each retry, examples values are "300ms", "1s" or "5m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
ContainerSetRetryStrategy provides controls on how to retry a container set
2 nested properties
Duration is the time between each retry, examples values are "300ms", "1s" or "5m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
ContinueOn defines if a workflow should continue even if a task or step fails/errors. It can be specified if the workflow should continue when the pod errors, fails or both.
Counter is a Counter prometheus metric
Value is the value of the metric
CreateOptions may be provided when creating an API object.
3 nested properties
CronWorkflow is the definition of a scheduled workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
CronWorkflowSpec is the specification of a CronWorkflow
11 nested properties
v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
WorkflowSpec is the specification of a Workflow.
ConcurrencyPolicy is the K8s-style concurrency policy that will be used
FailedJobsHistoryLimit is the number of failed jobs to be kept at a time
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
Suspend is a flag that will stop new CronWorkflows from running if set to true
Timezone is the timezone against which the cron schedule will be calculated, e.g. "Asia/Tokyo". Default is machine's local time.
v3.6 and after: When is an expression that determines if a run should be scheduled.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CronWorkflowStatus is the status of a CronWorkflow
6 nested properties
Active is a list of active workflows stemming from this CronWorkflow
Conditions is a list of conditions the CronWorkflow may have
v3.6 and after: Failed counts how many times child workflows failed
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
v3.6 and after: Phase is an enum of Active or Stopped. It changes to Stopped when stopStrategy.expression is true
v3.6 and after: Succeeded counts how many times child workflows succeeded
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
ObjectLocking Enable object locking
CronWorkflow is the definition of a scheduled workflow resource
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
CronWorkflowSpec is the specification of a CronWorkflow
11 nested properties
v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
ConcurrencyPolicy is the K8s-style concurrency policy that will be used
FailedJobsHistoryLimit is the number of failed jobs to be kept at a time
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
1 nested properties
v3.6 and after: Expression is an expression that stops scheduling workflows when true. Use the variables cronworkflow.failed or cronworkflow.succeeded to access the number of failed or successful child workflows.
SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
Suspend is a flag that will stop new CronWorkflows from running if set to true
Timezone is the timezone against which the cron schedule will be calculated, e.g. "Asia/Tokyo". Default is machine's local time.
v3.6 and after: When is an expression that determines if a run should be scheduled.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CronWorkflowStatus is the status of a CronWorkflow
6 nested properties
Active is a list of active workflows stemming from this CronWorkflow
Conditions is a list of conditions the CronWorkflow may have
v3.6 and after: Failed counts how many times child workflows failed
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
v3.6 and after: Phase is an enum of Active or Stopped. It changes to Stopped when stopStrategy.expression is true
v3.6 and after: Succeeded counts how many times child workflows succeeded
CronWorkflowList is list of CronWorkflow resources
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CronWorkflowSpec is the specification of a CronWorkflow
v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
Data is a data template
ExecutorConfig holds configurations of an executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Memoization enables caching for the Outputs of the template
Pod metadata
Metrics are a list of metrics emitted from a Workflow/Template
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
RetryStrategy provides controls on how to retry a workflow step
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Synchronization holds synchronization lock configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
ConcurrencyPolicy is the K8s-style concurrency policy that will be used
FailedJobsHistoryLimit is the number of failed jobs to be kept at a time
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
1 nested properties
v3.6 and after: Expression is an expression that stops scheduling workflows when true. Use the variables cronworkflow.failed or cronworkflow.succeeded to access the number of failed or successful child workflows.
SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
Suspend is a flag that will stop new CronWorkflows from running if set to true
Timezone is the timezone against which the cron schedule will be calculated, e.g. "Asia/Tokyo". Default is machine's local time.
v3.6 and after: When is an expression that determines if a run should be scheduled.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
CronWorkflowStatus is the status of a CronWorkflow
Active is a list of active workflows stemming from this CronWorkflow
Conditions is a list of conditions the CronWorkflow may have
v3.6 and after: Failed counts how many times child workflows failed
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
v3.6 and after: Phase is an enum of Active or Stopped. It changes to Stopped when stopStrategy.expression is true
v3.6 and after: Succeeded counts how many times child workflows succeeded
DAGTask represents a node in the graph during DAG execution Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
Name is the name of the target
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
ContinueOn defines if a workflow should continue even if a task or step fails/errors. It can be specified if the workflow should continue when the pod errors, fails or both.
2 nested properties
Dependencies are name of other targets which this depends on
Depends are name of other targets which this depends on
Hooks hold the lifecycle hook which is invoked at lifecycle of task, irrespective of the success, failure, or error status of the primary task
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
11 nested properties
ArchiveLogs indicates if the container logs should be archived
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
GCSArtifact is the location of a GCS artifact
GitArtifact is the location of a git artifact
HDFSArtifact is the location of an HDFS artifact
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
OSSArtifact is the location of an Alibaba Cloud OSS artifact
PluginArtifact is the location of a plugin artifact
RawArtifact allows raw string content to be placed as an artifact in a container
S3Artifact is the location of an S3 artifact
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
25 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
3 nested properties
ContainerSetRetryStrategy provides controls on how to retry a container set
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
3 nested properties
Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442
Target are one or more names of targets to execute in a DAG
Data is a data template
2 nested properties
DataSource sources external data into a data template
Transformation applies a set of transformations
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
8 nested properties
URL of the HTTP Request
Body is content of the HTTP Request
HTTPBodySource contains the source of the HTTP body.
Headers are an optional list of headers to send with HTTP requests
InsecureSkipVerify is a bool when if set to true will skip TLS verification for the HTTP client
Method is HTTP methods for HTTP Request
SuccessCondition is an expression if evaluated to true is considered successful
TimeoutSeconds is request timeout for HTTP Request. Default is 30 seconds
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
2 nested properties
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Memoization enables caching for the Outputs of the template
3 nested properties
Cache is the configuration for the type of cache to be used
Key is the key to use as the caching key
MaxAge is the maximum age (e.g. "180s", "24h") of an entry that is still considered valid. If an entry is older than the MaxAge, it will be ignored.
Pod metadata
2 nested properties
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
8 nested properties
Action is the action to perform to the resource. Must be one of: get, create, apply, delete, replace, patch
FailureCondition is a label selector expression which describes the conditions of the k8s resource in which the step was considered failed
Flags is a set of additional options passed to kubectl before submitting a resource I.e. to disable resource validation: flags: [ "--validate=false" # disable resource validation ]
Manifest contains the kubernetes manifest
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic" Must be one of: strategic, merge, json
SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
SuccessCondition is a label selector expression which describes the conditions of the k8s resource in which it is acceptable to proceed to the following step
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
26 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Source contains the source code of the script to execute
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
1 nested properties
Duration is the seconds to wait before automatically resuming a template. Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h"
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
OnExit is a template reference which is invoked at the end of the template, irrespective of the success, failure, or error of the primary template.
Deprecated: Use Hooks[exit].Template instead.
Name of template to execute
TemplateRef is a reference of template resource.
3 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the template.
Template is the name of referred template in the resource.
When is an expression in which the task should conditionally execute
WithItems expands a task into multiple parallel tasks from the items in the list Note: The structure of WithItems is free-form, so we need "x-kubernetes-preserve-unknown-fields: true" in the validation schema.
WithParam expands a task into multiple parallel tasks from the value in the parameter, which is expected to be a JSON list.
DAGTemplate is a template subtype for directed acyclic graph templates
Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442
Target are one or more names of targets to execute in a DAG
Data is a data template
DataSource sources external data into a data template
1 nested properties
ArtifactPaths expands a step from a collection of artifacts
23 nested properties
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
GitArtifact is the location of a git artifact
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
RawArtifact allows raw string content to be placed as an artifact in a container
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
SubPath allows an artifact to be sourced from a subpath within the specified source
Transformation applies a set of transformations
DataSource sources external data into a data template
ArtifactPaths expands a step from a collection of artifacts
23 nested properties
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
3 nested properties
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
TarStrategy will tar and gzip the file or directory when saving
ZipStrategy will unzip zipped input artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
3 nested properties
Pod metadata
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
Selects a key from a ConfigMap.
SecretKeySelector selects a key of a Secret.
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
Headers are an optional list of headers to send with HTTP requests for artifacts
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
SecretKeySelector selects a key of a Secret.
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
S3EncryptionOptions used to determine encryption options during s3 operations
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
SubPath allows an artifact to be sourced from a subpath within the specified source
Selector (https://github.com/expr-lang/expr) that we must must match the io.argoproj.workflow.v1alpha1. E.g. payload.message == "test"
ExecutorConfig holds configurations of an executor container.
ServiceAccountName specifies the service account name of the executor container.
GCSArtifact is the location of a GCS artifact
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
GCSArtifactRepository defines the controller configuration for a GCS artifact repository
Bucket is the name of the bucket
KeyFormat defines the format of how to store keys and can reference workflow variables.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Gauge is a Gauge prometheus metric
Realtime emits this metric in real time if applicable
Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
Operation defines the operation to apply with value and the metrics' current value
GitArtifact is the location of a git artifact
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
HDFSArtifact is the location of an HDFS artifact
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HDFSArtifactRepository defines the controller configuration for an HDFS artifact repository
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
PathFormat is defines the format of path to store a file. Can reference workflow variables
URL of the HTTP Request
Body is content of the HTTP Request
HTTPBodySource contains the source of the HTTP body.
1 nested properties
Headers are an optional list of headers to send with HTTP requests
InsecureSkipVerify is a bool when if set to true will skip TLS verification for the HTTP client
Method is HTTP methods for HTTP Request
SuccessCondition is an expression if evaluated to true is considered successful
TimeoutSeconds is request timeout for HTTP Request. Default is 30 seconds
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
URL of the artifact
3 nested properties
BasicAuth describes the secret selectors required for basic authentication
ClientCertAuth holds necessary information for client authentication via certificates
OAuth2Auth holds all information for client authentication via OAuth2 tokens
5 nested properties
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
Headers are an optional list of headers to send with HTTP requests for artifacts
BasicAuth describes the secret selectors required for basic authentication
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ClientCertAuth holds necessary information for client authentication via certificates
2 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
OAuth2Auth holds all information for client authentication via OAuth2 tokens
5 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
HTTPBodySource contains the source of the HTTP body.
1 nested properties
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Header indicate a key-value request header to be used when fetching artifacts over HTTP
Name is the header name
Value is the literal value to use for the header
Histogram is a Histogram prometheus metric
Buckets is a list of bucket divisors for the histogram
Value is the value of the metric
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Item expands a single workflow step into multiple parallel steps The value of Item can be a map, string, bool, or number
LabelKeys is list of keys
Labels is list of workflow labels
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
Template is the name of the template to execute by the hook
TemplateRef is a reference of template resource.
3 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the template.
Template is the name of referred template in the resource.
A link to another app.
The name of the link, E.g. "Workflow Logs" or "Pod Logs"
"workflow", "pod", "pod-logs", "event-source-logs", "sensor-logs", "workflow-list" or "chat"
Target attribute specifies where a linked document will be opened when a user clicks on a link. E.g. "_blank", "_self". If the target is _blank, it will open in a new tab.
The URL. Can contain "${metadata.namespace}", "${metadata.name}", "${status.startedAt}", "${status.finishedAt}" or any other element in workflow yaml, e.g. "${io.argoproj.workflow.v1alpha1.metadata.annotations.userDefinedKey}"
CronWorkflow is the definition of a scheduled workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
CronWorkflowSpec is the specification of a CronWorkflow
11 nested properties
v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
WorkflowSpec is the specification of a Workflow.
ConcurrencyPolicy is the K8s-style concurrency policy that will be used
FailedJobsHistoryLimit is the number of failed jobs to be kept at a time
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
Suspend is a flag that will stop new CronWorkflows from running if set to true
Timezone is the timezone against which the cron schedule will be calculated, e.g. "Asia/Tokyo". Default is machine's local time.
v3.6 and after: When is an expression that determines if a run should be scheduled.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CronWorkflowStatus is the status of a CronWorkflow
6 nested properties
Active is a list of active workflows stemming from this CronWorkflow
Conditions is a list of conditions the CronWorkflow may have
v3.6 and after: Failed counts how many times child workflows failed
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
v3.6 and after: Phase is an enum of Active or Stopped. It changes to Stopped when stopStrategy.expression is true
v3.6 and after: Succeeded counts how many times child workflows succeeded
Artifact indicates an artifact to place at a specified path
23 nested properties
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
3 nested properties
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
TarStrategy will tar and gzip the file or directory when saving
ZipStrategy will unzip zipped input artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
3 nested properties
Pod metadata
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
Selects a key from a ConfigMap.
SecretKeySelector selects a key of a Secret.
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
Headers are an optional list of headers to send with HTTP requests for artifacts
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
SecretKeySelector selects a key of a Secret.
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
S3EncryptionOptions used to determine encryption options during s3 operations
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
SubPath allows an artifact to be sourced from a subpath within the specified source
MemoizationStatus is the status of this memoized node
Cache is the name of the cache that was used
Hit indicates whether this node was created from a cache entry
Key is the name of the key used for this node's cache
Memoization enables caching for the Outputs of the template
Cache is the configuration for the type of cache to be used
1 nested properties
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Key is the key to use as the caching key
MaxAge is the maximum age (e.g. "180s", "24h") of an entry that is still considered valid. If an entry is older than the MaxAge, it will be ignored.
Pod metadata
MetricLabel is a single label for a prometheus metric
Metrics are a list of metrics emitted from a Workflow/Template
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Mutex holds Mutex configuration
Database specifies this is database controlled if this is set true
name of the mutex
Namespace is the namespace of the mutex, default: [namespace of workflow]
MutexHolding describes the mutex and the object which is holding it.
Holder is a reference to the object which holds the Mutex. Holding Scenario:
- Current workflow's NodeID which is holding the lock. e.g: ${NodeID} Waiting Scenario:
- Current workflow or other workflow NodeID which is holding the lock. e.g: ${WorkflowName}/${NodeID}
Reference for the mutex e.g: ${namespace}/mutex/${mutexName}
MutexStatus contains which objects hold mutex locks, and which objects this workflow is waiting on to release locks.
Holding is a list of mutexes and their respective objects that are held by mutex lock for this io.argoproj.workflow.v1alpha1.
Waiting is a list of mutexes and their respective objects this workflow is waiting for.
Hooked tracks whether or not this node was triggered by hook or onExit
Retried tracks whether or not this node was retried by retryStrategy
NodeStatus contains status information about an individual node in the workflow
ID is a unique identifier of a node within the worklow It is implemented as a hash of the node name, which makes the ID deterministic
Name is unique name in the node tree used to generate the node ID
Type indicates type of node
BoundaryID indicates the node ID of the associated template root node in which this node belongs to
Children is a list of child node IDs
Daemoned tracks whether or not this node was daemoned and need to be terminated
DisplayName is a human readable representation of the node. Unique within a template boundary
EstimatedDuration in seconds.
FailedPodRestarts tracks the number of times the pod for this node was restarted due to infrastructure failures before the main container started.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
HostNodeName name of the Kubernetes node on which the Pod is running, if applicable
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
2 nested properties
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
MemoizationStatus is the status of this memoized node
3 nested properties
Cache is the name of the cache that was used
Hit indicates whether this node was created from a cache entry
Key is the name of the key used for this node's cache
A human readable message indicating details about why the node is in this condition.
2 nested properties
Hooked tracks whether or not this node was triggered by hook or onExit
Retried tracks whether or not this node was retried by retryStrategy
OutboundNodes tracks the node IDs which are considered "outbound" nodes to a template invocation. For every invocation of a template, there are nodes which we considered as "outbound". Essentially, these are last nodes in the execution sequence to run, before the template is considered completed. These nodes are then connected as parents to a following step.
In the case of single pod steps (i.e. container, script, resource templates), this list will be nil since the pod itself is already considered the "outbound" node. In the case of DAGs, outbound nodes are the "target" tasks (tasks with no children). In the case of steps, outbound nodes are all the containers involved in the last step group. NOTE: since templates are composable, the list of outbound nodes are carried upwards when a DAG/steps template invokes another DAG/steps template. In other words, the outbound nodes of a template, will be a superset of the outbound nodes of its last children.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Phase a simple, high-level summary of where the node is in its lifecycle. Can be used as a state machine. Will be one of these values "Pending", "Running" before the node is completed, or "Succeeded", "Skipped", "Failed", "Error", or "Omitted" as a final state.
PodIP captures the IP of the pod for daemoned steps
Progress to completion
ResourcesDuration is indicative, but not accurate, resource duration. This is populated when the nodes completes.
RestartingPodUID tracks the UID of the pod that is currently being restarted. This prevents duplicate restart attempts when the controller processes the same failed pod multiple times. Cleared when the replacement pod starts running.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
NodeSynchronizationStatus stores the status of a node
1 nested properties
Waiting is the name of the lock that this node is waiting for
TaskResultSynced is used to determine if the node's output has been received
TemplateName is the template name which this node corresponds to. Not applicable to virtual nodes (e.g. Retry, StepGroup)
TemplateRef is a reference of template resource.
3 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the template.
Template is the name of referred template in the resource.
TemplateScope is the template scope in which the template of this node was retrieved.
NodeSynchronizationStatus stores the status of a node
Waiting is the name of the lock that this node is waiting for
NoneStrategy indicates to skip tar process and upload the files or directory tree as independent files. Note that if the artifact is a directory, the artifact driver must support the ability to save/load the directory appropriately.
OAuth2Auth holds all information for client authentication via OAuth2 tokens
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
EndpointParam is for requesting optional fields that should be sent in the oauth request
Name is the header name
Value is the literal value to use for the header
OSSArtifact is the location of an Alibaba Cloud OSS artifact
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
OSSArtifactRepository defines the controller configuration for an OSS artifact repository
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
KeyFormat defines the format of how to store keys and can reference workflow variables.
OSSLifecycleRule specifies how to manage bucket's lifecycle
2 nested properties
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
OSSLifecycleRule specifies how to manage bucket's lifecycle
MarkDeletionAfterDays is the number of days before we delete objects in the bucket
MarkInfrequentAccessAfterDays is the number of days before we convert the objects in the bucket to Infrequent Access (IA) storage type
Outputs hold parameters, artifacts, and results from a step
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Parameter indicate a passed string parameter to a service template with an optional default value
Name is the parameter name
Default is the default value to use for an input parameter if a value was not supplied
Description is the parameter description
Enum holds a list of string values to choose from, for the actual value of the parameter
GlobalName exports an output parameter to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.parameters.XXXX}} and in workflow.status.outputs.parameters
Value is the literal value to use for the parameter. If specified in the context of an input parameter, any passed values take precedence over the specified value
ValueFrom describes a location in which to obtain the value to a parameter
9 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
Default specifies a value to be used if retrieving the value from the specified source fails
Selector (https://github.com/expr-lang/expr) that is evaluated against the event to get the value of the parameter. E.g. payload.message
Expression, if defined, is evaluated to specify the value for the parameter
JQFilter expression against the resource object in resource templates
JSONPath of a resource to retrieve an output parameter value from in resource templates
Parameter reference to a step or dag task in which to retrieve an output parameter value from (e.g. '{{steps.mystep.outputs.myparam}}')
Path in the container to retrieve an output parameter value from in container templates
SuppliedValueFrom is a placeholder for a value to be filled in directly, either through the CLI, API, etc.
Plugin is an Object with exactly one key
PluginArtifact is the location of a plugin artifact
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
PluginArtifactRepository defines the controller configuration for a plugin artifact repository
PodGC describes how to delete completed pods as they complete
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Prometheus is a prometheus metric to be emitted
Help is a string that describes the metric
Name is the name of the metric
Counter is a Counter prometheus metric
1 nested properties
Value is the value of the metric
Gauge is a Gauge prometheus metric
3 nested properties
Realtime emits this metric in real time if applicable
Value is the value to be used in the operation with the metric's current value. If no operation is set, value is the value of the metric MaxLength is an artificial limit to limit CEL validation costs - see note at top of file
Operation defines the operation to apply with value and the metrics' current value
Histogram is a Histogram prometheus metric
2 nested properties
Buckets is a list of bucket divisors for the histogram
Value is the value of the metric
Labels is a list of metric labels
When is a conditional statement that decides when to emit the metric
RawArtifact allows raw string content to be placed as an artifact in a container
Data is the string contents of the artifact
ResourceTemplate is a template subtype to manipulate kubernetes resources
Action is the action to perform to the resource. Must be one of: get, create, apply, delete, replace, patch
FailureCondition is a label selector expression which describes the conditions of the k8s resource in which the step was considered failed
Flags is a set of additional options passed to kubectl before submitting a resource I.e. to disable resource validation: flags: [ "--validate=false" # disable resource validation ]
Manifest contains the kubernetes manifest
1 nested properties
Artifact indicates an artifact to place at a specified path
23 nested properties
name of the artifact. must be unique within a template's inputs/outputs.
ArchiveStrategy describes how to archive files/directory when saving artifacts
ArchiveLogs indicates if the container logs should be archived
ArtifactGC describes how to delete artifacts from completed Workflows - this is embedded into the WorkflowLevelArtifactGC, and also used for individual Artifacts to override that as needed
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
Has this been deleted?
From allows an artifact to reference an artifact from a previous step
FromExpression, if defined, is evaluated to specify the value for the artifact
GCSArtifact is the location of a GCS artifact
GitArtifact is the location of a git artifact
GlobalName exports an output artifact to the global scope, making it available as '{{io.argoproj.workflow.v1alpha1.outputs.artifacts.XXXX}} and in workflow.status.outputs.artifacts
HDFSArtifact is the location of an HDFS artifact
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
mode bits to use on this file, must be a value between 0 and 0777. Set when loading input artifacts. It is recommended to set the mode value to ensure the artifact has the expected permissions in your container.
Make Artifacts optional, if Artifacts doesn't generate or exist
OSSArtifact is the location of an Alibaba Cloud OSS artifact
Path is the container path to the artifact
PluginArtifact is the location of a plugin artifact
RawArtifact allows raw string content to be placed as an artifact in a container
If mode is set, apply the permission recursively into the artifact if it is a folder
S3Artifact is the location of an S3 artifact
SubPath allows an artifact to be sourced from a subpath within the specified source
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic" Must be one of: strategic, merge, json
SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
SuccessCondition is a label selector expression which describes the conditions of the k8s resource in which it is acceptable to proceed to the following step
RetryAffinity prevents running steps on the same host.
RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed. In order to prevent running steps on the same host, it uses "kubernetes.io/hostname".
RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed. In order to prevent running steps on the same host, it uses "kubernetes.io/hostname".
RetryStrategy provides controls on how to retry a workflow step
RetryAffinity prevents running steps on the same host.
1 nested properties
RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed. In order to prevent running steps on the same host, it uses "kubernetes.io/hostname".
Backoff is a backoff strategy to use within retryStrategy
4 nested properties
Cap is a limit on revised values of the duration parameter. If a multiplication by the factor parameter would make the duration exceed the cap then the duration is set to the cap
Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
MaxDuration is the maximum amount of time allowed for a workflow in the backoff strategy. It is important to note that if the workflow template includes activeDeadlineSeconds, the pod's deadline is initially set with activeDeadlineSeconds. However, when the workflow fails, the pod's deadline is then overridden by maxDuration. This ensures that the workflow does not exceed the specified maximum duration when retries are involved.
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
S3Artifact is the location of an S3 artifact
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
S3ArtifactRepository defines the controller configuration for an S3 artifact repository
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
1 nested properties
ObjectLocking Enable object locking
S3EncryptionOptions used to determine encryption options during s3 operations
4 nested properties
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
KeyFormat defines the format of how to store keys and can reference workflow variables.
KeyPrefix is prefix used as part of the bucket key in which the controller will store artifacts.
Deprecated: Use KeyFormat instead.
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
S3EncryptionOptions used to determine encryption options during s3 operations
EnableEncryption tells the driver to encrypt objects if set to true. If kmsKeyId and serverSideCustomerKeySecret are not set, SSE-S3 will be used
KmsEncryptionContext is a json blob that contains an encryption context. See https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context for more information
KMSKeyId tells the driver to encrypt the object using the specified KMS Key.
SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
ScriptTemplate is a template subtype to enable scripting through code steps
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Source contains the source code of the script to execute
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Holders stores the list of current holder names in the io.argoproj.workflow.v1alpha1.
Semaphore stores the semaphore name.
SemaphoreRef is a reference of Semaphore
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
1 nested properties
Namespace is the namespace of the configmap, default: [namespace of workflow]
Holding stores the list of resource acquired synchronization lock for workflows.
Waiting indicates the list of current synchronization lock holders.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
v3.6 and after: Expression is an expression that stops scheduling workflows when true. Use the variables cronworkflow.failed or cronworkflow.succeeded to access the number of failed or successful child workflows.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
SubmitOpts are workflow submission options
Annotations adds to metadata.labels
DryRun validates the workflow on the client-side without creating it. This option is not supported in API
Entrypoint overrides spec.entrypoint
GenerateName overrides metadata.generateName
Labels adds to metadata.labels
Name overrides metadata.name
OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
6 nested properties
API version of the referent.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
If true, this reference points to the managing controller.
Parameters passes input parameters to workflow
Set the podPriorityClassName of the workflow
Priority is used if controller is configured to process limited number of workflows in parallel, higher priority workflows are processed first.
ServerDryRun validates the workflow on the server-side without creating it
ServiceAccount runs all pods in the workflow using specified ServiceAccount.
SuppliedValueFrom is a placeholder for a value to be filled in directly, either through the CLI, API, etc.
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Duration is the seconds to wait before automatically resuming a template. Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h"
Synchronization holds synchronization lock configuration
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
SynchronizationStatus stores the status of semaphore and mutex.
MutexStatus contains which objects hold mutex locks, and which objects this workflow is waiting on to release locks.
2 nested properties
Holding is a list of mutexes and their respective objects that are held by mutex lock for this io.argoproj.workflow.v1alpha1.
Waiting is a list of mutexes and their respective objects this workflow is waiting for.
2 nested properties
Holding stores the list of resource acquired synchronization lock for workflows.
Waiting indicates the list of current synchronization lock holders.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
TarStrategy will tar and gzip the file or directory when saving
CompressionLevel specifies the gzip compression level to use for the artifact. Defaults to gzip.DefaultCompression.
Template is a reusable and composable unit of execution in a workflow
Affinity is a group of affinity scheduling rules.
3 nested properties
Node affinity is a group of node affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
Pod affinity is a group of inter pod affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
11 nested properties
ArchiveLogs indicates if the container logs should be archived
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
5 nested properties
Blob is the blob name (i.e., path) in the container where the artifact resides
Container is the container where resources will be stored
Endpoint is the service url associated with an account. It is most likely "<https://<ACCOUNT_NAME>>.blob.core.windows.net"
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
GCSArtifact is the location of a GCS artifact
3 nested properties
Key is the path in the bucket where the artifact resides
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
GitArtifact is the location of a git artifact
12 nested properties
Repo is the git repository
Branch is the branch to fetch when SingleBranch is enabled
Depth specifies clones/fetches should be shallow and include the given number of commits from the branch tip
DisableSubmodules disables submodules during git clone
Fetch specifies a number of refs that should be fetched before checkout
InsecureIgnoreHostKey disables SSH strict host key checking during git clone
InsecureSkipTLS disables server certificate verification resulting in insecure HTTPS connections
SecretKeySelector selects a key of a Secret.
Revision is the git commit, tag, branch to checkout
SingleBranch enables single branch clone, using the branch parameter
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
HDFSArtifact is the location of an HDFS artifact
11 nested properties
Path is a file path in HDFS
Addresses is accessible addresses of HDFS name nodes
DataTransferProtection is the protection level for HDFS data transfer. It corresponds to the dfs.data.transfer.protection configuration in HDFS.
Force copies a file forcibly even if it exists
HDFSUser is the user to access HDFS file system. It is ignored if either ccache or keytab is used.
SecretKeySelector selects a key of a Secret.
Selects a key from a ConfigMap.
SecretKeySelector selects a key of a Secret.
KrbRealm is the Kerberos realm used with Kerberos keytab It must be set if keytab is used.
KrbServicePrincipalName is the principal name of Kerberos service It must be set if either ccache or keytab is used.
KrbUsername is the Kerberos username used with Kerberos keytab It must be set if keytab is used.
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
3 nested properties
URL of the artifact
Headers are an optional list of headers to send with HTTP requests for artifacts
OSSArtifact is the location of an Alibaba Cloud OSS artifact
9 nested properties
Key is the path in the bucket where the artifact resides
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
CreateBucketIfNotPresent tells the driver to attempt to create the OSS bucket for output artifacts, if it doesn't exist
Endpoint is the hostname of the bucket endpoint
OSSLifecycleRule specifies how to manage bucket's lifecycle
SecretKeySelector selects a key of a Secret.
SecurityToken is the user's temporary security token. For more details, check out: https://www.alibabacloud.com/help/doc-detail/100624.htm
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
PluginArtifact is the location of a plugin artifact
4 nested properties
Key is the path in the artifact repository where the artifact resides
Configuration is the plugin defined configuration for the artifact driver plugin
ConnectionTimeoutSeconds is the timeout for the artifact driver connection, overriding the driver's timeout
Name is the name of the artifact driver plugin
RawArtifact allows raw string content to be placed as an artifact in a container
1 nested properties
Data is the string contents of the artifact
S3Artifact is the location of an S3 artifact
13 nested properties
SecretKeySelector selects a key of a Secret.
Bucket is the name of the bucket
SecretKeySelector selects a key of a Secret.
CreateS3BucketOptions options used to determine automatic automatic bucket-creation process
S3EncryptionOptions used to determine encryption options during s3 operations
Endpoint is the hostname of the bucket endpoint
Insecure will connect to the service with TLS
Key is the key in the bucket where the artifact resides
Region contains the optional bucket region
RoleARN is the Amazon Resource Name (ARN) of the role to assume.
SecretKeySelector selects a key of a Secret.
SecretKeySelector selects a key of a Secret.
UseSDKCreds tells the driver to figure out credentials based on sdk defaults.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
25 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
Adds and removes POSIX capabilities from running containers.
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
3 nested properties
ContainerSetRetryStrategy provides controls on how to retry a container set
2 nested properties
Duration is the time between each retry, examples values are "300ms", "1s" or "5m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
3 nested properties
Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442
Target are one or more names of targets to execute in a DAG
Data is a data template
2 nested properties
DataSource sources external data into a data template
1 nested properties
ArtifactPaths expands a step from a collection of artifacts
Transformation applies a set of transformations
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
8 nested properties
URL of the HTTP Request
Body is content of the HTTP Request
HTTPBodySource contains the source of the HTTP body.
1 nested properties
Headers are an optional list of headers to send with HTTP requests
InsecureSkipVerify is a bool when if set to true will skip TLS verification for the HTTP client
Method is HTTP methods for HTTP Request
SuccessCondition is an expression if evaluated to true is considered successful
TimeoutSeconds is request timeout for HTTP Request. Default is 30 seconds
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
2 nested properties
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Memoization enables caching for the Outputs of the template
3 nested properties
Cache is the configuration for the type of cache to be used
1 nested properties
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Key is the key to use as the caching key
MaxAge is the maximum age (e.g. "180s", "24h") of an entry that is still considered valid. If an entry is older than the MaxAge, it will be ignored.
Pod metadata
2 nested properties
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
8 nested properties
Action is the action to perform to the resource. Must be one of: get, create, apply, delete, replace, patch
FailureCondition is a label selector expression which describes the conditions of the k8s resource in which the step was considered failed
Flags is a set of additional options passed to kubectl before submitting a resource I.e. to disable resource validation: flags: [ "--validate=false" # disable resource validation ]
Manifest contains the kubernetes manifest
1 nested properties
Artifact indicates an artifact to place at a specified path
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic" Must be one of: strategic, merge, json
SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
SuccessCondition is a label selector expression which describes the conditions of the k8s resource in which it is acceptable to proceed to the following step
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
1 nested properties
RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed. In order to prevent running steps on the same host, it uses "kubernetes.io/hostname".
Backoff is a backoff strategy to use within retryStrategy
4 nested properties
Cap is a limit on revised values of the duration parameter. If a multiplication by the factor parameter would make the duration exceed the cap then the duration is set to the cap
Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
MaxDuration is the maximum amount of time allowed for a workflow in the backoff strategy. It is important to note that if the workflow template includes activeDeadlineSeconds, the pod's deadline is initially set with activeDeadlineSeconds. However, when the workflow fails, the pod's deadline is then overridden by maxDuration. This ensures that the workflow does not exceed the specified maximum duration when retries are involved.
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
26 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Source contains the source code of the script to execute
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
Adds and removes POSIX capabilities from running containers.
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
HTTPGetAction describes an action based on HTTP Get requests.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
1 nested properties
Duration is the seconds to wait before automatically resuming a template. Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h"
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
TemplateRef is a reference of template resource.
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the template.
Template is the name of referred template in the resource.
Expression defines an expr expression to apply
CronWorkflow is the definition of a scheduled workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
CronWorkflowSpec is the specification of a CronWorkflow
11 nested properties
v3.6 and after: Schedules is a list of schedules to run the Workflow in Cron format
WorkflowSpec is the specification of a Workflow.
ConcurrencyPolicy is the K8s-style concurrency policy that will be used
FailedJobsHistoryLimit is the number of failed jobs to be kept at a time
StartingDeadlineSeconds is the K8s-style deadline that will limit the time a CronWorkflow will be run after its original scheduled time if it is missed.
StopStrategy defines if the CronWorkflow should stop scheduling based on an expression. v3.6 and after
SuccessfulJobsHistoryLimit is the number of successful jobs to be kept at a time
Suspend is a flag that will stop new CronWorkflows from running if set to true
Timezone is the timezone against which the cron schedule will be calculated, e.g. "Asia/Tokyo". Default is machine's local time.
v3.6 and after: When is an expression that determines if a run should be scheduled.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CronWorkflowStatus is the status of a CronWorkflow
6 nested properties
Active is a list of active workflows stemming from this CronWorkflow
Conditions is a list of conditions the CronWorkflow may have
v3.6 and after: Failed counts how many times child workflows failed
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
v3.6 and after: Phase is an enum of Active or Stopped. It changes to Stopped when stopStrategy.expression is true
v3.6 and after: Succeeded counts how many times child workflows succeeded
DEPRECATED: This field is ignored.
UserContainer is a container specified by a user.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
MirrorVolumeMounts will mount the same volumes specified in the main container to the container (including artifacts), at the same mountPaths. This enables dind daemon to partially see the same filesystem as the main container in order to use features such as docker volume binding
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
ValueFrom describes a location in which to obtain the value to a parameter
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
Default specifies a value to be used if retrieving the value from the specified source fails
Selector (https://github.com/expr-lang/expr) that is evaluated against the event to get the value of the parameter. E.g. payload.message
Expression, if defined, is evaluated to specify the value for the parameter
JQFilter expression against the resource object in resource templates
JSONPath of a resource to retrieve an output parameter value from in resource templates
Parameter reference to a step or dag task in which to retrieve an output parameter value from (e.g. '{{steps.mystep.outputs.myparam}}')
Path in the container to retrieve an output parameter value from in container templates
SuppliedValueFrom is a placeholder for a value to be filled in directly, either through the CLI, API, etc.
VolumeClaimGC describes how to delete volumes from completed Workflows
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
Workflow is the definition of a workflow resource
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
Data is a data template
ExecutorConfig holds configurations of an executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Memoization enables caching for the Outputs of the template
Pod metadata
Metrics are a list of metrics emitted from a Workflow/Template
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
RetryStrategy provides controls on how to retry a workflow step
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Synchronization holds synchronization lock configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowStatus contains overall status information about a workflow
19 nested properties
ArtGCStatus maintains state related to ArtifactGC
3 nested properties
if this is true, we already checked to see if we need to do it and we don't
have completed Pods been processed? (mapped by Pod name) used to prevent re-processing the Status of a Pod more than once
have Pods been started to perform this strategy? (enables us not to re-process what we've already done)
5 nested properties
ArtifactRepository represents an artifact repository in which a controller will store its artifacts
The name of the config map. Defaults to "artifact-repositories".
If this ref represents the default artifact repository, rather than a config map.
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
The namespace of the config map. Defaults to the workflow's namespace, or the controller's namespace (if found).
Compressed and base64 decoded Nodes map
Conditions is a list of conditions the Workflow may have
EstimatedDuration in seconds.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human readable message indicating details about why the workflow is in this condition.
Nodes is a mapping between a node ID and the node's status.
Whether on not node status has been offloaded to a database. If exists, then Nodes and CompressedNodes will be empty. This will actually be populated with a hash of the offloaded data.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
PersistentVolumeClaims tracks all PVCs that were created as part of the io.argoproj.workflow.v1alpha1. The contents of this list are drained at the end of the workflow.
Phase a simple, high-level summary of where the workflow is in its lifecycle. Will be "" (Unknown), "Pending", or "Running" before the workflow is completed, and "Succeeded", "Failed" or "Error" once the workflow has completed.
Progress to completion
ResourcesDuration is the total for the workflow
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
StoredTemplates is a mapping between a template ref and the node's status.
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
SynchronizationStatus stores the status of semaphore and mutex.
TaskResultsCompletionStatus tracks task result completion status (mapped by node ID). Used to prevent premature archiving and garbage collection.
CreateOptions may be provided when creating an API object.
3 nested properties
This field is no longer used.
Workflow is the definition of a workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowStatus contains overall status information about a workflow
19 nested properties
ArtGCStatus maintains state related to ArtifactGC
Compressed and base64 decoded Nodes map
Conditions is a list of conditions the Workflow may have
EstimatedDuration in seconds.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human readable message indicating details about why the workflow is in this condition.
Nodes is a mapping between a node ID and the node's status.
Whether on not node status has been offloaded to a database. If exists, then Nodes and CompressedNodes will be empty. This will actually be populated with a hash of the offloaded data.
Outputs hold parameters, artifacts, and results from a step
PersistentVolumeClaims tracks all PVCs that were created as part of the io.argoproj.workflow.v1alpha1. The contents of this list are drained at the end of the workflow.
Phase a simple, high-level summary of where the workflow is in its lifecycle. Will be "" (Unknown), "Pending", or "Running" before the workflow is completed, and "Succeeded", "Failed" or "Error" once the workflow has completed.
Progress to completion
ResourcesDuration is the total for the workflow
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
StoredTemplates is a mapping between a template ref and the node's status.
WorkflowSpec is the specification of a Workflow.
SynchronizationStatus stores the status of semaphore and mutex.
TaskResultsCompletionStatus tracks task result completion status (mapped by node ID). Used to prevent premature archiving and garbage collection.
WorkflowEventBinding is the definition of an event resource
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
2 nested properties
1 nested properties
Selector (https://github.com/expr-lang/expr) that we must must match the io.argoproj.workflow.v1alpha1. E.g. payload.message == "test"
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowEventBindingList is list of event resources
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
1 nested properties
Selector (https://github.com/expr-lang/expr) that we must must match the io.argoproj.workflow.v1alpha1. E.g. payload.message == "test"
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
2 nested properties
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
Workflow is the definition of a workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowStatus contains overall status information about a workflow
19 nested properties
ArtGCStatus maintains state related to ArtifactGC
Compressed and base64 decoded Nodes map
Conditions is a list of conditions the Workflow may have
EstimatedDuration in seconds.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human readable message indicating details about why the workflow is in this condition.
Nodes is a mapping between a node ID and the node's status.
Whether on not node status has been offloaded to a database. If exists, then Nodes and CompressedNodes will be empty. This will actually be populated with a hash of the offloaded data.
Outputs hold parameters, artifacts, and results from a step
PersistentVolumeClaims tracks all PVCs that were created as part of the io.argoproj.workflow.v1alpha1. The contents of this list are drained at the end of the workflow.
Phase a simple, high-level summary of where the workflow is in its lifecycle. Will be "" (Unknown), "Pending", or "Running" before the workflow is completed, and "Succeeded", "Failed" or "Error" once the workflow has completed.
Progress to completion
ResourcesDuration is the total for the workflow
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
StoredTemplates is a mapping between a template ref and the node's status.
WorkflowSpec is the specification of a Workflow.
SynchronizationStatus stores the status of semaphore and mutex.
TaskResultsCompletionStatus tracks task result completion status (mapped by node ID). Used to prevent premature archiving and garbage collection.
WorkflowList is list of Workflow resources
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowSpec is the specification of a Workflow.
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
3 nested properties
Node affinity is a group of node affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
Pod affinity is a group of inter pod affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
2 nested properties
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
1 nested properties
RetryNodeAntiAffinity is a placeholder for future expansion, only empty nodeAntiAffinity is allowed. In order to prevent running steps on the same host, it uses "kubernetes.io/hostname".
Backoff is a backoff strategy to use within retryStrategy
4 nested properties
Cap is a limit on revised values of the duration parameter. If a multiplication by the factor parameter would make the duration exceed the cap then the duration is set to the cap
Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")
MaxDuration is the maximum amount of time allowed for a workflow in the backoff strategy. It is important to note that if the workflow template includes activeDeadlineSeconds, the pod's deadline is initially set with activeDeadlineSeconds. However, when the workflow fails, the pod's deadline is then overridden by maxDuration. This ensures that the workflow does not exceed the specified maximum duration when retries are involved.
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
11 nested properties
ArchiveLogs indicates if the container logs should be archived
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
GCSArtifact is the location of a GCS artifact
GitArtifact is the location of a git artifact
HDFSArtifact is the location of an HDFS artifact
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
OSSArtifact is the location of an Alibaba Cloud OSS artifact
PluginArtifact is the location of a plugin artifact
RawArtifact allows raw string content to be placed as an artifact in a container
S3Artifact is the location of an S3 artifact
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
25 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
3 nested properties
ContainerSetRetryStrategy provides controls on how to retry a container set
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
3 nested properties
Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442
Target are one or more names of targets to execute in a DAG
Data is a data template
2 nested properties
DataSource sources external data into a data template
Transformation applies a set of transformations
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
8 nested properties
URL of the HTTP Request
Body is content of the HTTP Request
HTTPBodySource contains the source of the HTTP body.
Headers are an optional list of headers to send with HTTP requests
InsecureSkipVerify is a bool when if set to true will skip TLS verification for the HTTP client
Method is HTTP methods for HTTP Request
SuccessCondition is an expression if evaluated to true is considered successful
TimeoutSeconds is request timeout for HTTP Request. Default is 30 seconds
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
2 nested properties
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Memoization enables caching for the Outputs of the template
3 nested properties
Cache is the configuration for the type of cache to be used
Key is the key to use as the caching key
MaxAge is the maximum age (e.g. "180s", "24h") of an entry that is still considered valid. If an entry is older than the MaxAge, it will be ignored.
Pod metadata
2 nested properties
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
8 nested properties
Action is the action to perform to the resource. Must be one of: get, create, apply, delete, replace, patch
FailureCondition is a label selector expression which describes the conditions of the k8s resource in which the step was considered failed
Flags is a set of additional options passed to kubectl before submitting a resource I.e. to disable resource validation: flags: [ "--validate=false" # disable resource validation ]
Manifest contains the kubernetes manifest
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic" Must be one of: strategic, merge, json
SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
SuccessCondition is a label selector expression which describes the conditions of the k8s resource in which it is acceptable to proceed to the following step
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
26 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Source contains the source code of the script to execute
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
1 nested properties
Duration is the seconds to wait before automatically resuming a template. Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h"
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
WorkflowStatus contains overall status information about a workflow
ArtGCStatus maintains state related to ArtifactGC
3 nested properties
if this is true, we already checked to see if we need to do it and we don't
have completed Pods been processed? (mapped by Pod name) used to prevent re-processing the Status of a Pod more than once
have Pods been started to perform this strategy? (enables us not to re-process what we've already done)
5 nested properties
ArtifactRepository represents an artifact repository in which a controller will store its artifacts
8 nested properties
ArchiveLogs enables log archiving
ArtifactoryArtifactRepository defines the controller configuration for an artifactory artifact repository
AzureArtifactRepository defines the controller configuration for an Azure Blob Storage artifact repository
GCSArtifactRepository defines the controller configuration for a GCS artifact repository
HDFSArtifactRepository defines the controller configuration for an HDFS artifact repository
OSSArtifactRepository defines the controller configuration for an OSS artifact repository
PluginArtifactRepository defines the controller configuration for a plugin artifact repository
S3ArtifactRepository defines the controller configuration for an S3 artifact repository
The name of the config map. Defaults to "artifact-repositories".
If this ref represents the default artifact repository, rather than a config map.
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
The namespace of the config map. Defaults to the workflow's namespace, or the controller's namespace (if found).
Compressed and base64 decoded Nodes map
Conditions is a list of conditions the Workflow may have
EstimatedDuration in seconds.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human readable message indicating details about why the workflow is in this condition.
Nodes is a mapping between a node ID and the node's status.
Whether on not node status has been offloaded to a database. If exists, then Nodes and CompressedNodes will be empty. This will actually be populated with a hash of the offloaded data.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
PersistentVolumeClaims tracks all PVCs that were created as part of the io.argoproj.workflow.v1alpha1. The contents of this list are drained at the end of the workflow.
Phase a simple, high-level summary of where the workflow is in its lifecycle. Will be "" (Unknown), "Pending", or "Running" before the workflow is completed, and "Succeeded", "Failed" or "Error" once the workflow has completed.
Progress to completion
ResourcesDuration is the total for the workflow
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
StoredTemplates is a mapping between a template ref and the node's status.
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
Data is a data template
ExecutorConfig holds configurations of an executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Memoization enables caching for the Outputs of the template
Pod metadata
Metrics are a list of metrics emitted from a Workflow/Template
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
RetryStrategy provides controls on how to retry a workflow step
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Synchronization holds synchronization lock configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
SynchronizationStatus stores the status of semaphore and mutex.
2 nested properties
MutexStatus contains which objects hold mutex locks, and which objects this workflow is waiting on to release locks.
2 nested properties
Holding is a list of mutexes and their respective objects that are held by mutex lock for this io.argoproj.workflow.v1alpha1.
Waiting is a list of mutexes and their respective objects this workflow is waiting for.
2 nested properties
Holding stores the list of resource acquired synchronization lock for workflows.
Waiting indicates the list of current synchronization lock holders.
TaskResultsCompletionStatus tracks task result completion status (mapped by node ID). Used to prevent premature archiving and garbage collection.
WorkflowStep is a reference to a template to execute in a series of step Note: CEL validation cannot check withItems (Schemaless) or inline (PreserveUnknownFields) fields.
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
ContinueOn defines if a workflow should continue even if a task or step fails/errors. It can be specified if the workflow should continue when the pod errors, fails or both.
2 nested properties
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
11 nested properties
ArchiveLogs indicates if the container logs should be archived
ArtifactoryArtifact is the location of an artifactory artifact
AzureArtifact is the location of an Azure Storage artifact
GCSArtifact is the location of a GCS artifact
GitArtifact is the location of a git artifact
HDFSArtifact is the location of an HDFS artifact
HTTPArtifact allows a file served on HTTP to be placed as an input artifact in a container
OSSArtifact is the location of an Alibaba Cloud OSS artifact
PluginArtifact is the location of a plugin artifact
RawArtifact allows raw string content to be placed as an artifact in a container
S3Artifact is the location of an S3 artifact
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
25 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
3 nested properties
ContainerSetRetryStrategy provides controls on how to retry a container set
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
3 nested properties
Tasks are a list of DAG tasks MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
This flag is for DAG logic. The DAG logic has a built-in "fail fast" feature to stop scheduling new steps, as soon as it detects that one of the DAG nodes is failed. Then it waits until all DAG nodes are completed before failing the DAG itself. The FailFast flag default is true, if set to false, it will allow a DAG to run all branches of the DAG to completion (either success or failure), regardless of the failed outcomes of branches in the DAG. More info and example about this feature at https://github.com/argoproj/argo-workflows/issues/1442
Target are one or more names of targets to execute in a DAG
Data is a data template
2 nested properties
DataSource sources external data into a data template
Transformation applies a set of transformations
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
8 nested properties
URL of the HTTP Request
Body is content of the HTTP Request
HTTPBodySource contains the source of the HTTP body.
Headers are an optional list of headers to send with HTTP requests
InsecureSkipVerify is a bool when if set to true will skip TLS verification for the HTTP client
Method is HTTP methods for HTTP Request
SuccessCondition is an expression if evaluated to true is considered successful
TimeoutSeconds is request timeout for HTTP Request. Default is 30 seconds
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
2 nested properties
Artifact are a list of artifacts passed as inputs
Parameters are a list of parameters passed as inputs MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Memoization enables caching for the Outputs of the template
3 nested properties
Cache is the configuration for the type of cache to be used
Key is the key to use as the caching key
MaxAge is the maximum age (e.g. "180s", "24h") of an entry that is still considered valid. If an entry is older than the MaxAge, it will be ignored.
Pod metadata
2 nested properties
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
4 nested properties
Artifacts holds the list of output artifacts produced by a step
ExitCode holds the exit code of a script template
Parameters holds the list of output parameters produced by a step
Result holds the result (stdout) of a script or container template, or the response body of an HTTP template
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
8 nested properties
Action is the action to perform to the resource. Must be one of: get, create, apply, delete, replace, patch
FailureCondition is a label selector expression which describes the conditions of the k8s resource in which the step was considered failed
Flags is a set of additional options passed to kubectl before submitting a resource I.e. to disable resource validation: flags: [ "--validate=false" # disable resource validation ]
Manifest contains the kubernetes manifest
MergeStrategy is the strategy used to merge a patch. It defaults to "strategic" Must be one of: strategic, merge, json
SetOwnerReference sets the reference to the workflow on the OwnerReference of generated resource.
SuccessCondition is a label selector expression which describes the conditions of the k8s resource in which it is acceptable to proceed to the following step
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
26 nested properties
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Source contains the source code of the script to execute
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
1 nested properties
Duration is the seconds to wait before automatically resuming a template. Must be a string. Default unit is seconds. Could also be a Duration, e.g.: "2m", "6h"
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Name of the step
OnExit is a template reference which is invoked at the end of the template, irrespective of the success, failure, or error of the primary template.
Deprecated: Use Hooks[exit].Template instead.
Template is the name of the template to execute as the step
TemplateRef is a reference of template resource.
3 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the template.
Template is the name of referred template in the resource.
When is an expression in which the step should conditionally execute
WithItems expands a step into multiple parallel steps from the items in the list Note: The structure of WithItems is free-form, so we need "x-kubernetes-preserve-unknown-fields: true" in the validation schema.
WithParam expands a step into multiple parallel steps from the value in the parameter, which is expected to be a JSON list.
SubmitOpts are workflow submission options
12 nested properties
Annotations adds to metadata.labels
DryRun validates the workflow on the client-side without creating it. This option is not supported in API
Entrypoint overrides spec.entrypoint
GenerateName overrides metadata.generateName
Labels adds to metadata.labels
Name overrides metadata.name
OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
6 nested properties
API version of the referent.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
If true, this reference points to the managing controller.
Parameters passes input parameters to workflow
Set the podPriorityClassName of the workflow
Priority is used if controller is configured to process limited number of workflows in parallel, higher priority workflows are processed first.
ServerDryRun validates the workflow on the server-side without creating it
ServiceAccount runs all pods in the workflow using specified ServiceAccount.
WorkflowTemplate is the definition of a workflow template resource
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
2 nested properties
Artifacts is the list of artifacts to pass to the template or workflow
Parameters is the list of parameters to pass to the template or workflow
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
5 nested properties
ForceFinalizerRemoval: if set to true, the finalizer will be removed in the case that Artifact GC fails
Pod metadata
PodSpecPatch holds strategic merge patch to apply against the artgc pod spec.
ServiceAccountName is an optional field for specifying the Service Account that should be assigned to the Pod doing the deletion
Strategy is the strategy to use.
2 nested properties
The name of the config map. Defaults to "artifact-repositories".
The config map key. Defaults to the value of the "workflows.argoproj.io/default-artifact-repository" annotation.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
3 nested properties
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
1 nested properties
ServiceAccountName specifies the service account name of the executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
1 nested properties
Prometheus is a list of prometheus metrics to be emitted MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
4 nested properties
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
PodGC describes how to delete completed pods as they complete
3 nested properties
DeleteDelayDuration specifies the duration before pods in the GC queue get deleted.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
Strategy is the strategy to use. One of "OnPodCompletion", "OnPodSuccess", "OnWorkflowCompletion", "OnWorkflowSuccess". If unset, does not delete Pods
Pod metadata
2 nested properties
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
5 nested properties
RetryAffinity prevents running steps on the same host.
Backoff is a backoff strategy to use within retryStrategy
Expression is a condition expression for when a node will be retried. If it evaluates to false, the node will not be retried and the retry strategy will be ignored
RetryPolicy is a policy of NodePhase statuses that will be retried
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
13 nested properties
AppArmorProfile defines a pod or container's AppArmor settings.
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
2 nested properties
v3.6 and after: Mutexes holds the list of Mutex lock details
v3.6 and after: Semaphores holds the list of Semaphores configuration
Template is a reusable and composable unit of execution in a workflow
39 nested properties
Affinity is a group of affinity scheduling rules.
Annotations is a list of annotations to add to the template at runtime
ArtifactLocation describes a location for a single or multiple artifacts. It is used as single artifact in the context of inputs/outputs (e.g. outputs.artifacts.artname). It is also used to describe the location of multiple artifacts such as the archive location of a single workflow step, which the executor will use as a default location to store its files.
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
A single application container that you want to run within a pod.
Daemon will allow a workflow to proceed to the next step so long as the container reaches readiness
DAGTemplate is a template subtype for directed acyclic graph templates
Data is a data template
ExecutorConfig holds configurations of an executor container.
FailFast, if specified, will fail this template if any of its child pods has failed. This is useful for when this template is expanded with withItems, etc.
HostAliases is an optional list of hosts and IPs that will be injected into the pod spec
InitContainers is a list of containers which run before the main container.
Inputs are the mechanism for passing parameters, artifacts, volumes from one template to another
Memoization enables caching for the Outputs of the template
Pod metadata
Metrics are a list of metrics emitted from a Workflow/Template
Name is the name of the template
NodeSelector is a selector to schedule this step of the workflow to be run on the selected node(s). Overrides the selector set at the workflow level.
Outputs hold parameters, artifacts, and results from a step
Parallelism limits the max total parallel pods that can execute at the same time within the boundaries of this template invocation. If additional steps/dag templates are invoked, the pods created by those templates will not be counted towards this total.
Plugin is an Object with exactly one key
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
PriorityClassName to apply to workflow pods.
ResourceTemplate is a template subtype to manipulate kubernetes resources
RetryStrategy provides controls on how to retry a workflow step
If specified, the pod will be dispatched by specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
ScriptTemplate is a template subtype to enable scripting through code steps
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName to apply to workflow pods
Sidecars is a list of containers which run alongside the main container Sidecars are automatically killed when the main container completes
Steps define a series of sequential/parallel workflow steps
SuspendTemplate is a template subtype to suspend a workflow at a predetermined point in time
Synchronization holds synchronization lock configuration
Timeout allows to set the total node execution timeout duration counting from the node's start time. This duration also includes time in which the node spends in Pending state. This duration may not be applied to Step or DAG templates.
Tolerations to apply to workflow pods.
Volumes is a list of volumes that can be mounted by containers in a template.
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
3 nested properties
SecondsAfterCompletion is the number of seconds to live after completion
SecondsAfterFailure is the number of seconds to live after failure
SecondsAfterSuccess is the number of seconds to live after success
VolumeClaimGC describes how to delete volumes from completed Workflows
1 nested properties
Strategy is the strategy to use. One of "OnWorkflowCompletion", "OnWorkflowSuccess". Defaults to "OnWorkflowSuccess"
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
3 nested properties
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
2 nested properties
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CreateOptions may be provided when creating an API object.
3 nested properties
WorkflowTemplate is the definition of a workflow template resource
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
CreateOptions may be provided when creating an API object.
3 nested properties
WorkflowTemplate is the definition of a workflow template resource
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowTemplateList is list of WorkflowTemplate resources
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
4 nested properties
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
ClusterScope indicates the referred template is cluster scoped (i.e. a ClusterWorkflowTemplate).
Name is the resource name of the workflow template.
DEPRECATED: This field is ignored.
WorkflowTemplate is the definition of a workflow template resource
4 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Workflow is the definition of a workflow resource
5 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
WorkflowSpec is the specification of a Workflow.
41 nested properties
Optional duration in seconds relative to the workflow start time which the workflow is allowed to run before the controller terminates the io.argoproj.workflow.v1alpha1. A value of zero is used to terminate a Running workflow
Affinity is a group of affinity scheduling rules.
ArchiveLogs indicates if the container logs should be archived
Arguments to a template
WorkflowLevelArtifactGC describes how to delete artifacts from completed Workflows - this spec is used on the Workflow level
AutomountServiceAccountToken indicates whether a service account token should be automatically mounted in pods. ServiceAccountName of ExecutorConfig must be specified if this value is false.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
Set DNS policy for workflow pods. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
Entrypoint is a template reference to the starting point of the io.argoproj.workflow.v1alpha1.
ExecutorConfig holds configurations of an executor container.
Hooks holds the lifecycle hook which is invoked at lifecycle of step, irrespective of the success, failure, or error status of the primary step
Host networking requested for this workflow pod. Default to false.
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
Metrics are a list of metrics emitted from a Workflow/Template
NodeSelector is a selector which will result in all pods of the workflow to be scheduled on the selected node(s). This is able to be overridden by a nodeSelector specified in the template.
OnExit is a template reference which is invoked at the end of the workflow, irrespective of the success, failure, or error of the primary io.argoproj.workflow.v1alpha1.
Parallelism limits the max total parallel pods that can execute at the same time in a workflow
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
PodGC describes how to delete completed pods as they complete
Pod metadata
PriorityClassName to apply to workflow pods.
PodSpecPatch holds strategic merge patch to apply against the pod spec. Allows parameterization of container fields which are not strings (e.g. resource limits).
Priority is used if controller is configured to process limited number of workflows in parallel. Workflows with higher priority are processed first.
RetryStrategy provides controls on how to retry a workflow step
Set scheduler name for all pods. Will be overridden if container/script template's scheduler name is set. Default scheduler will be used if neither specified.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
ServiceAccountName is the name of the ServiceAccount to run all pods of the workflow as.
Shutdown will shutdown the workflow according to its ShutdownStrategy
Suspend will suspend the workflow and prevent execution of any future steps in the workflow
Synchronization holds synchronization lock configuration
Template is a reusable and composable unit of execution in a workflow
Templates is a list of workflow templates used in a workflow MaxItems is an artificial limit to limit CEL validation costs - see note at top of file
Tolerations to apply to workflow pods.
TTLStrategy is the strategy for the time to live depending on if the workflow succeeded or failed
VolumeClaimGC describes how to delete volumes from completed Workflows
VolumeClaimTemplates is a list of claims that containers are allowed to reference. The Workflow controller will create the claims at the beginning of the workflow and delete the claims upon completion of the workflow
Volumes is a list of volumes that can be mounted by containers in a io.argoproj.workflow.v1alpha1.
WorkflowTemplateRef is a reference to a WorkflowTemplate resource.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.io.k8s.community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
WorkflowStatus contains overall status information about a workflow
19 nested properties
ArtGCStatus maintains state related to ArtifactGC
Compressed and base64 decoded Nodes map
Conditions is a list of conditions the Workflow may have
EstimatedDuration in seconds.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human readable message indicating details about why the workflow is in this condition.
Nodes is a mapping between a node ID and the node's status.
Whether on not node status has been offloaded to a database. If exists, then Nodes and CompressedNodes will be empty. This will actually be populated with a hash of the offloaded data.
Outputs hold parameters, artifacts, and results from a step
PersistentVolumeClaims tracks all PVCs that were created as part of the io.argoproj.workflow.v1alpha1. The contents of this list are drained at the end of the workflow.
Phase a simple, high-level summary of where the workflow is in its lifecycle. Will be "" (Unknown), "Pending", or "Running" before the workflow is completed, and "Succeeded", "Failed" or "Error" once the workflow has completed.
Progress to completion
ResourcesDuration is the total for the workflow
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
StoredTemplates is a mapping between a template ref and the node's status.
WorkflowSpec is the specification of a Workflow.
SynchronizationStatus stores the status of semaphore and mutex.
TaskResultsCompletionStatus tracks task result completion status (mapped by node ID). Used to prevent premature archiving and garbage collection.
ZipStrategy will unzip zipped input artifacts
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
Affinity is a group of affinity scheduling rules.
Node affinity is a group of node affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
1 nested properties
Required. A list of node selector terms. The terms are ORed.
Pod affinity is a group of inter pod affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
2 nested properties
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
AppArmorProfile defines a pod or container's AppArmor settings.
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
diskName is the Name of the data disk in the blob storage
diskURI is the URI of data disk in the blob storage
cachingMode is the Host Caching mode: None, Read Only, Read Write.
fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
secretName is the name of secret that contains Azure Storage Account Name and Key
shareName is the azure share Name
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
Represents a source location of a volume to mount, managed by an external CSI driver
driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
Adds and removes POSIX capabilities from running containers.
Added capabilities
Removed capabilities
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.
Relative path from the volume root to write the bundle.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap must be defined
Selects a key from a ConfigMap.
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional specify whether the ConfigMap or its keys must be defined
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional specify whether the ConfigMap or its keys must be defined
A single application container that you want to run within a pod.
Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
List of environment variables to set in the container. Cannot be updated.
List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.
Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
3 nested properties
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Resources resize policy for the container. This field cannot be set on ephemeral containers.
ResourceRequirements describes the compute resource requirements.
3 nested properties
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.
Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
12 nested properties
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
10 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.
Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false
Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.
Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.
volumeDevices is the list of block devices to be used by the container.
Pod volumes to mount into the container's filesystem. Cannot be updated.
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
ContainerPort represents a network port in a single container.
Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
What host IP to bind the external port to.
Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.
Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".
ContainerResizePolicy represents resource resize policy for the container.
Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.
Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.
ContainerRestartRule describes how a container exit is handled.
Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container.
ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.
2 nested properties
Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the set of specified values.
- NotIn: the requirement is satisfied if the container exit code is not in the set of specified values.
Specifies the set of values to check for container exit codes. At most 255 elements are allowed.
ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.
Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the set of specified values.
- NotIn: the requirement is satisfied if the container exit code is not in the set of specified values.
Specifies the set of values to check for container exit codes. At most 255 elements are allowed.
Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
Items is a list of DownwardAPIVolume file
DownwardAPIVolumeFile represents information to create the file containing the pod field
Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
ObjectFieldSelector selects an APIVersioned field of an object.
2 nested properties
Path of the field to select in the specified API version.
Version of the schema the FieldPath is written in terms of, defaults to "v1".
Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
ResourceFieldSelector represents container resources (cpu, memory) and their output format
3 nested properties
Required: resource to select
Container name: required for volumes, optional for env vars
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
Items is a list of downward API volume file
Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.EnvFromSource represents the source of a set of ConfigMaps or Secrets
ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.
The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.
2 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap must be defined
Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.
SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
2 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret must be defined
EnvVar represents an environment variable present in a Container.
Name of the environment variable. May consist of any printable ASCII characters except '='.
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".
EnvVarSource represents a source for the value of an EnvVar.
5 nested properties
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
ObjectFieldSelector selects an APIVersioned field of an object.
2 nested properties
Path of the field to select in the specified API version.
Version of the schema the FieldPath is written in terms of, defaults to "v1".
FileKeySelector selects a key of the env file.
4 nested properties
The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.
The name of the volume mount containing the env file.
Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist, an error will be returned during Pod creation.
ResourceFieldSelector represents container resources (cpu, memory) and their output format
3 nested properties
Required: resource to select
Container name: required for volumes, optional for env vars
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
EnvVarSource represents a source for the value of an EnvVar.
Selects a key from a ConfigMap.
3 nested properties
The key to select.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the ConfigMap or its key must be defined
ObjectFieldSelector selects an APIVersioned field of an object.
2 nested properties
Path of the field to select in the specified API version.
Version of the schema the FieldPath is written in terms of, defaults to "v1".
FileKeySelector selects a key of the env file.
4 nested properties
The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.
The name of the volume mount containing the env file.
Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist, an error will be returned during Pod creation.
ResourceFieldSelector represents container resources (cpu, memory) and their output format
3 nested properties
Required: resource to select
Container name: required for volumes, optional for env vars
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.SecretKeySelector selects a key of a Secret.
3 nested properties
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Represents an ephemeral volume that is handled by a normal storage driver.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
2 nested properties
PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
9 nested properties
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
TypedObjectReference contains enough information to let you locate the typed referenced object
VolumeResourceRequirements describes the storage resource requirements for a volume.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
volumeName is the binding reference to the PersistentVolume backing this claim.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.
ObjectReference contains enough information to let you inspect or modify the referred object.
7 nested properties
API version of the referent.
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
What action was taken/failed regarding to the Regarding object.
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
The number of times this event has occurred.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
A human-readable description of the status of this operation.
This should be a short, machine understandable string that gives the reason for the transition into the object's current status.
ObjectReference contains enough information to let you inspect or modify the referred object.
7 nested properties
API version of the referent.
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
Name of the controller that emitted this Event, e.g. kubernetes.io/kubelet.
ID of the controller instance, e.g. kubelet-xyzf.
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
2 nested properties
Number of occurrences in this series up to the last heartbeat time
MicroTime is version of Time with microsecond level precision.
EventSource contains information for an event.
2 nested properties
Component from which the event is generated.
Node name on which the event is generated.
Type of this event (Normal, Warning), new types could be added in the future
EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.
Number of occurrences in this series up to the last heartbeat time
MicroTime is version of Time with microsecond level precision.
EventSource contains information for an event.
Component from which the event is generated.
Node name on which the event is generated.
ExecAction describes a "run in container" action.
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
lun is Optional: FC target lun number
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
targetWWNs is Optional: FC target worldwide names (WWNs)
wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
FileKeySelector selects a key of the env file.
The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.
The name of the volume mount containing the env file.
Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist, an error will be returned during Pod creation.
FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
driver is the name of the driver to use for this volume.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
options is Optional: this field holds extra command options if any.
readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
GRPCAction specifies an action involving a GRPC service.
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
repository is the URL
directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
revision is the commit hash for the specified revision.
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
endpoints is the endpoint name that details Glusterfs topology.
path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
HTTPGetAction describes an action based on HTTP Get requests.
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
HTTPHeader describes a custom header to be used in HTTP probes
The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.
The header field value
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
IP address of the host file entry.
Hostnames for the above IP address.
Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
iqn is the target iSCSI Qualified Name.
lun represents iSCSI Target Lun number.
targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
chapAuthSession defines whether support iSCSI Session CHAP authentication
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
ImageVolumeSource represents a image volume resource.
Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Maps a string key to a path within a volume.
key is the key to project.
path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.
mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
4 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
SleepAction describes a "sleep" action.
1 nested properties
Seconds is the number of seconds to sleep.
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
4 nested properties
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
SleepAction describes a "sleep" action.
1 nested properties
Seconds is the number of seconds to sleep.
StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name
LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
SleepAction describes a "sleep" action.
1 nested properties
Seconds is the number of seconds to sleep.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
ModifyVolumeStatus represents the status object of ControllerModifyVolume operation
status is the status of the ControllerModifyVolume operation. It can be in any of following states:
- Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing.
- InProgress InProgress indicates that the volume is being modified.
- Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
Node affinity is a group of node affinity scheduling rules.
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
1 nested properties
Required. A list of node selector terms. The terms are ORed.
A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.
Required. A list of node selector terms. The terms are ORed.
A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
The label key that the selector applies to.
Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
A list of node selector requirements by node's labels.
A list of node selector requirements by node's fields.
ObjectFieldSelector selects an APIVersioned field of an object.
Path of the field to select in the specified API version.
Version of the schema the FieldPath is written in terms of, defaults to "v1".
ObjectReference contains enough information to let you inspect or modify the referred object.
API version of the referent.
If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
PersistentVolumeClaim is a user's request for and claim to a persistent volume
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
9 nested properties
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
3 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
TypedObjectReference contains enough information to let you locate the typed referenced object
4 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
VolumeResourceRequirements describes the storage resource requirements for a volume.
2 nested properties
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
volumeName is the binding reference to the PersistentVolume backing this claim.
PersistentVolumeClaimStatus is the current status of a persistent volume claim.
8 nested properties
accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC.
A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
capacity represents the actual resources of the underlying volume.
conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.
currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
ModifyVolumeStatus represents the status object of ControllerModifyVolume operation
2 nested properties
status is the status of the ControllerModifyVolume operation. It can be in any of following states:
- Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing.
- InProgress InProgress indicates that the volume is being modified.
- Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
phase represents the current phase of PersistentVolumeClaim.
PersistentVolumeClaimCondition contains details about state of pvc
Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
message is the human-readable message indicating details about last transition.
reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "Resizing" that means the underlying persistent volume is being resized.
PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
3 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
TypedObjectReference contains enough information to let you locate the typed referenced object
4 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
VolumeResourceRequirements describes the storage resource requirements for a volume.
2 nested properties
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
volumeName is the binding reference to the PersistentVolume backing this claim.
PersistentVolumeClaimStatus is the current status of a persistent volume claim.
accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed. For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" When this field is not set, it means that no resize operation is in progress for the given PVC.
A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.
Capacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.
A controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.
capacity represents the actual resources of the underlying volume.
conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.
currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim
ModifyVolumeStatus represents the status object of ControllerModifyVolume operation
2 nested properties
status is the status of the ControllerModifyVolume operation. It can be in any of following states:
- Pending Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing.
- InProgress InProgress indicates that the volume is being modified.
- Infeasible Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified. Note: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.
targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled
phase represents the current phase of PersistentVolumeClaim.
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes
9 nested properties
accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
3 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
TypedObjectReference contains enough information to let you locate the typed referenced object
4 nested properties
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
VolumeResourceRequirements describes the storage resource requirements for a volume.
2 nested properties
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
volumeName is the binding reference to the PersistentVolume backing this claim.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
Represents a Photon Controller persistent disk resource.
pdID is the ID that identifies Photon Controller persistent disk
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
Pod affinity is a group of inter pod affinity scheduling rules.
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
Pod anti affinity is a group of inter pod anti affinity scheduling rules.
The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting "weight" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.
The type of keypair Kubelet will generate for the pod.
Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519".
Kubelet's generated CSRs will be addressed to this signer.
Write the certificate chain at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
Write the credential bundle at this path in the projected volume.
The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.
The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).
Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.
Write the key at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
maxExpirationSeconds is the maximum lifetime permitted for the certificate.
Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.
If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).
The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. kubernetes.io signers will never issue certificates with a lifetime longer than 24 hours.
userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.
These values are copied verbatim into the spec.unverifiedUserAnnotations field of the PodCertificateRequest objects that Kubelet creates.
Entries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.
Signers should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.
PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.
A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.
A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.
A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.
PodDNSConfigOption defines DNS resolver options of a pod.
Name is this DNS resolver option's name. Required.
Value is this DNS resolver option's value.
PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:
- The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----
If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive".
"Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
"MountOption" mounts all eligible Pod volumes with -o context mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes.
This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
PortworxVolumeSource represents a Portworx volume resource.
volumeID uniquely identifies a Portworx volume
fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
2 nested properties
A list of node selector requirements by node's labels.
A list of node selector requirements by node's fields.
Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.
ExecAction describes a "run in container" action.
1 nested properties
Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
GRPCAction specifies an action involving a GRPC service.
2 nested properties
Port number of the gRPC service. Number must be in the range 1 to 65535.
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
HTTPGetAction describes an action based on HTTP Get requests.
5 nested properties
Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.
Custom headers to set in the request. HTTP allows repeated headers.
Path to access on the HTTP server.
Scheme to use for connecting to the host. Defaults to HTTP.
Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.
Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
TCPSocketAction describes an action based on opening a socket
2 nested properties
Optional: Host name to connect to, defaults to the pod IP.
Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
Represents a projected volume source
defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
sources is the list of volume projections. Each entry in this list handles one source.
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
volume is a string that references an already created Quobyte volume by name.
group to map volume access to Default is no group
readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
user to map volume access to Defaults to serivceaccount user
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
ResourceClaim references one entry in PodSpec.ResourceClaims.
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
ResourceFieldSelector represents container resources (cpu, memory) and their output format
Required: resource to select
Container name: required for volumes, optional for env vars
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.ResourceRequirements describes the compute resource requirements.
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.
This field depends on the DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
SELinuxOptions are the labels to be applied to the container
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
ScaleIOVolumeSource represents a persistent ScaleIO volume
gateway is the host address of the ScaleIO API Gateway.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
system is the name of the storage system as configured in ScaleIO.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
sslEnabled Flag enable/disable SSL communication with Gateway, default false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
storagePool is the ScaleIO Storage Pool associated with the protection domain.
volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
SecretEnvSource selects a Secret to populate the environment variables with.
The contents of the target Secret's Data field will represent the key-value pairs as environment variables.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret must be defined
SecretKeySelector selects a key of a Secret.
The key of the secret to select from. Must be a valid secret key.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Specify whether the Secret or its key must be defined
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional field specify whether the Secret or its key must be defined
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
optional field specify whether the Secret or its keys must be defined
secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
AppArmorProfile defines a pod or container's AppArmor settings.
2 nested properties
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
Adds and removes POSIX capabilities from running containers.
2 nested properties
Added capabilities
Removed capabilities
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
SELinuxOptions are the labels to be applied to the container
4 nested properties
Level is SELinux level label that applies to the container.
Role is a SELinux role label that applies to the container.
Type is a SELinux type label that applies to the container.
User is a SELinux user label that applies to the container.
SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.
2 nested properties
type indicates which kind of seccomp profile will be applied. Valid options are:
Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
4 nested properties
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
path is the path relative to the mount point of the file to project the token into.
audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
ServicePort contains information on service's port.
The port that will be exposed by this service.
The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:
-
Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).
-
Kubernetes-defined prefixed names:
- 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-
- 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455
- 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455
-
Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.
The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
SleepAction describes a "sleep" action.
Seconds is the number of seconds to sleep.
Represents a StorageOS persistent volume resource.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
Sysctl defines a kernel parameter to be set
Name of a property to set
Value of a property to set
TCPSocketAction describes an action based on opening a socket
Optional: Host name to connect to, defaults to the pod IP.
The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator
Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
TypedObjectReference contains enough information to let you locate the typed referenced object
Kind is the type of resource being referenced
Name is the name of resource being referenced
APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
Volume represents a named volume in a pod that may be accessed by any container in the pod.
name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Represents a Persistent Disk resource in AWS.
An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.
4 nested properties
volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
6 nested properties
diskName is the Name of the data disk in the blob storage
diskURI is the URI of data disk in the blob storage
cachingMode is the Host Caching mode: None, Read Only, Read Write.
fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
AzureFile represents an Azure File Service mount on the host and bind mount to the pod.
3 nested properties
secretName is the name of secret that contains Azure Storage Account Name and Key
shareName is the azure share Name
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.
6 nested properties
monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.
4 nested properties
volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Adapts a ConfigMap into a volume.
The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.
4 nested properties
defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional specify whether the ConfigMap or its keys must be defined
Represents a source location of a volume to mount, managed by an external CSI driver
5 nested properties
driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.
fsType to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).
volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.
DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.
2 nested properties
Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
Items is a list of downward API volume file
Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.
2 nested properties
medium represents what type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.Represents an ephemeral volume that is handled by a normal storage driver.
1 nested properties
PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.
Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.
5 nested properties
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
lun is Optional: FC target lun number
readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
targetWWNs is Optional: FC target worldwide names (WWNs)
wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.
5 nested properties
driver is the name of the driver to use for this volume.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
options is Optional: this field holds extra command options if any.
readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.
2 nested properties
datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated
datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
Represents a Persistent Disk resource in Google Compute Engine.
A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.
4 nested properties
pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.
DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.
3 nested properties
repository is the URL
directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.
revision is the commit hash for the specified revision.
Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.
3 nested properties
endpoints is the endpoint name that details Glusterfs topology.
path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.
2 nested properties
path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
ImageVolumeSource represents a image volume resource.
2 nested properties
Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.
Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.
11 nested properties
iqn is the target iSCSI Qualified Name.
lun represents iSCSI Target Lun number.
targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
chapAuthSession defines whether support iSCSI Session CHAP authentication
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).
portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.
3 nested properties
path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).
2 nested properties
claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
readOnly Will force the ReadOnly setting in VolumeMounts. Default false.
Represents a Photon Controller persistent disk resource.
2 nested properties
pdID is the ID that identifies Photon Controller persistent disk
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
PortworxVolumeSource represents a Portworx volume resource.
3 nested properties
volumeID uniquely identifies a Portworx volume
fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
Represents a projected volume source
2 nested properties
defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
sources is the list of volume projections. Each entry in this list handles one source.
Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.
6 nested properties
registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
volume is a string that references an already created Quobyte volume by name.
group to map volume access to Default is no group
readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.
tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin
user to map volume access to Defaults to serivceaccount user
Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.
8 nested properties
image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
ScaleIOVolumeSource represents a persistent ScaleIO volume
10 nested properties
gateway is the host address of the ScaleIO API Gateway.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
system is the name of the storage system as configured in ScaleIO.
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".
protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
sslEnabled Flag enable/disable SSL communication with Gateway, default false
storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.
storagePool is the ScaleIO Storage Pool associated with the protection domain.
volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.
Adapts a Secret into a volume.
The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.
4 nested properties
defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
optional field specify whether the Secret or its keys must be defined
secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
Represents a StorageOS persistent volume resource.
5 nested properties
fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
1 nested properties
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.
volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.
Represents a vSphere volume resource.
4 nested properties
volumePath is the path that identifies vSphere volume vmdk
fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
storagePolicyName is the storage Policy Based Management (SPBM) profile name.
volumeDevice describes a mapping of a raw block device within a container.
devicePath is the path inside of the container that the device will be mapped to.
name must match the name of a persistentVolumeClaim in the pod
VolumeMount describes a mounting of a Volume within a container.
Path within the container at which the volume should be mounted. Must not contain ':'.
This must match the Name of a Volume.
mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
RecursiveReadOnly specifies whether read-only mounts should be handled recursively.
If ReadOnly is false, this field has no meaning and must be unspecified.
If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.
If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).
If this field is not specified, it is treated as an equivalent of Disabled.
Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).
Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.
Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.
ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.
5 nested properties
Relative path from the volume root to write the bundle.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.
If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.
Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.
Adapts a ConfigMap into a projected volume.
The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.
3 nested properties
items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional specify whether the ConfigMap or its keys must be defined
Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.
1 nested properties
Items is a list of DownwardAPIVolume file
PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.
7 nested properties
The type of keypair Kubelet will generate for the pod.
Valid values are "RSA3072", "RSA4096", "ECDSAP256", "ECDSAP384", "ECDSAP521", and "ED25519".
Kubelet's generated CSRs will be addressed to this signer.
Write the certificate chain at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
Write the credential bundle at this path in the projected volume.
The credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.
The remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).
Using credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.
Write the key at this path in the projected volume.
Most applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.
maxExpirationSeconds is the maximum lifetime permitted for the certificate.
Kubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.
If omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).
The signer implementation is then free to issue a certificate with any lifetime shorter than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. kubernetes.io signers will never issue certificates with a lifetime longer than 24 hours.
userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.
These values are copied verbatim into the spec.unverifiedUserAnnotations field of the PodCertificateRequest objects that Kubelet creates.
Entries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.
Signers should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.
Adapts a secret into a projected volume.
The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.
3 nested properties
items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.
Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
optional field specify whether the Secret or its key must be defined
ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).
3 nested properties
path is the path relative to the mount point of the file to project the token into.
audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.
expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.
VolumeResourceRequirements describes the storage resource requirements for a volume.
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
Represents a vSphere volume resource.
volumePath is the path that identifies vSphere volume vmdk
fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
storagePolicyName is the storage Policy Based Management (SPBM) profile name.
The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key
6 nested properties
This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key in (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.
MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with labelSelector as key notin (value) to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace".
weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
WindowsSecurityContextOptions contain Windows-specific options and credentials.
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
GMSACredentialSpecName is the name of the GMSA credential spec to use.
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
PodDisruptionBudgetSpec is a description of a PodDisruptionBudget.
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
2 nested properties
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods should be considered for eviction. Current implementation considers healthy pods, as pods that have status.conditions item with type="Ready",status="True".
Valid policies are IfHealthyBudget and AlwaysAllow. If no policy is specified, the default behavior will be used, which corresponds to the IfHealthyBudget policy.
IfHealthyBudget policy means that running pods (status.phase="Running"), but not yet healthy can be evicted only if the guarded application is not disrupted (status.currentHealthy is at least equal to status.desiredHealthy). Healthy pods will be subject to the PDB for eviction.
AlwaysAllow policy means that all running pods (status.phase="Running"), but not yet healthy are considered disrupted and can be evicted regardless of whether the criteria in a PDB is met. This means perspective running pods of a disrupted application might not get a chance to become healthy. Healthy pods will be subject to the PDB for eviction.
Additional policies may be added in the future. Clients making eviction decisions should disallow eviction of unhealthy pods if they encounter an unrecognized policy in this field.
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.
The serialization format is:
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: <http://physics.nist.gov/cuu/Units/binary.html)>
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber> ```
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
- 1.5 will be serialized as "1500m" - 1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.CreateOptions may be provided when creating an API object.
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:
The exact format is defined in sigs.k8s.io/structured-merge-diff
+protobuf.options.(gogoproto.goproto_stringer)=false
A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
matchExpressions is a list of label selector requirements. The requirements are ANDed.
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
key is the label key that the selector applies to.
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.
remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.
String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.
APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:
The exact format is defined in sigs.k8s.io/structured-merge-diff
Manager is an identifier of the workflow managing these fields.
Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
MicroTime is version of Time with microsecond level precision.
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.
API version of the referent.
Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
If true, this reference points to the managing controller.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
CreateOptions may be provided when creating an API object.
3 nested properties
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
8 nested properties
Dependencies is a list of the events that this sensor is dependent on.
ErrorOnFailedRound if set to true, marks sensor state as error if the previous trigger round fails.
Once sensor state is set to error, no further triggers will be processed.
Triggers is a list of the things that this sensor evokes. These are the outputs from this sensor.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
8 nested properties
Dependencies is a list of the events that this sensor is dependent on.
ErrorOnFailedRound if set to true, marks sensor state as error if the previous trigger round fails.
Once sensor state is set to error, no further triggers will be processed.
Triggers is a list of the things that this sensor evokes. These are the outputs from this sensor.
3 nested properties
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
15 nested properties
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will return a 409.
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids
8 nested properties
Dependencies is a list of the events that this sensor is dependent on.
ErrorOnFailedRound if set to true, marks sensor state as error if the previous trigger round fails.
Once sensor state is set to error, no further triggers will be processed.
Triggers is a list of the things that this sensor evokes. These are the outputs from this sensor.