API endpoints | OpenShift REST APIs | OpenShift Container Platform 4.3

Binding v1 core

Definitions

Binding [v1/core]

The following table describes the parameters for the Binding object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`kind`	string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	ObjectMeta	Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`target`	ObjectReference	The target object that you want to bind to the standard object.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

target

ObjectReference

The target object that you want to bind to the standard object.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

Field	Type	Description
`apiVersion`	string	API version of the referent.
`fieldPath`	string	If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.
`kind`	string	Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`name`	string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
`namespace`	string	Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
`resourceVersion`	string	Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
`uid`	string	UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

Field	Type	Description
`annotations`	object	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
`clusterName`	string	The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
`creationTimestamp`	Time	CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`deletionGracePeriodSeconds`	integer	Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
`deletionTimestamp`	Time	DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`finalizers`	string array	Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
`generateName`	string	GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
`generation`	integer	A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
`labels`	object	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
`managedFields`	ManagedFieldsEntry array	ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
`name`	string	Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`namespace`	string	Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
`ownerReferences`	OwnerReference array	List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
`resourceVersion`	string	An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
`selfLink`	string	SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
`uid`	string	UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

Field	Type	Description
`apiVersion`	string	API version of the referent.
`blockOwnerDeletion`	boolean	If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
`controller`	boolean	If true, this reference points to the managing controller.
`kind`	string	Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`name`	string	Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`uid`	string	UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
`fieldsType`	string	FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
`fieldsV1`	FieldsV1	FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
`manager`	string	Manager is an identifier of the workflow managing these fields.
`operation`	string	Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
`time`	Time	Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Binding

HTTP request

post /api/v1/namespaces/{namespace}/bindings

Table 1. HTTP body
Object	Type
`body`	Binding

Table 2. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 3. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 4. HTTP responses
Code	Type
200 - OK	Binding
201 - Created	Binding
202 - Accepted	Binding

ComponentStatus v1 core

Appears in

ComponentStatusList [core/v1]

Definitions

ComponentStatus [v1/core]

The following table describes the parameters for the ComponentStatus object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`conditions`	ComponentCondition array	List of component conditions observed
`kind`	string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	ObjectMeta	Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

ComponentCondition array

List of component conditions observed

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ComponentStatusList [v1/core]

The following table describes the parameters for ComponentStatusList object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`items`	ComponentStatus array	List of ComponentStatus objects.
`kind`	string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	ListMeta	Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ComponentStatus array

List of ComponentStatus objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

Field	Type	Description
`annotations`	object	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
`clusterName`	string	The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
`creationTimestamp`	Time	CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`deletionGracePeriodSeconds`	integer	Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
`deletionTimestamp`	Time	DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`finalizers`	string array	Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
`generateName`	string	GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
`generation`	integer	A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
`labels`	object	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
`managedFields`	ManagedFieldsEntry array	ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
`name`	string	Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`namespace`	string	Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
`ownerReferences`	OwnerReference array	List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
`resourceVersion`	string	An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
`selfLink`	string	SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
`uid`	string	UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

Field	Type	Description
`apiVersion`	string	API version of the referent.
`blockOwnerDeletion`	boolean	If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
`controller`	boolean	If true, this reference points to the managing controller.
`kind`	string	Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`name`	string	Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`uid`	string	UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
`fieldsType`	string	FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
`fieldsV1`	FieldsV1	FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
`manager`	string	Manager is an identifier of the workflow managing these fields.
`operation`	string	Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
`time`	Time	Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ComponentCondition [v1/core]

The following table describes the parameters for ComponentCondition object:

Field Type Description

Field	Type	Description
`error`	string	Condition error code for a component. For example, a health check error code.
`message`	string	Message about the condition for a component. For example, information about a health check.
`status`	string	Status of the condition for a component. Valid values for "Healthy": "True", "False", or "Unknown".
`type`	string	Type of condition for a component. Valid value: "Healthy"

error

string

Condition error code for a component. For example, a health check error code.

message

string

Message about the condition for a component. For example, information about a health check.

status

string

Status of the condition for a component. Valid values for "Healthy": "True", "False", or "Unknown".

type

string

Type of condition for a component. Valid value: "Healthy"

Operations

Read Operations

Read

read the specified ComponentStatus

HTTP request

get /api/v1/componentstatuses/{name}

Table 5. Path parameters
Parameter	Description
`name`	name of the ComponentStatus

Table 6. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 7. HTTP responses
Code	Type
200 - OK	ComponentStatus

List

list objects of kind ComponentStatus

HTTP request

get /api/v1/componentstatuses

Table 8. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 9. HTTP responses
Code	Type
200 - OK	ComponentStatusList

ConfigMap v1 core

Appears in

ConfigMapList [core/v1]

Definitions

ConfigMap [v1/core]

The following table describes the parameters for the ConfigMap object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`binaryData`	object	BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.
`data`	object	Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
`kind`	string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	ObjectMeta	Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

binaryData

object

BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.

data

object

Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ConfigMapList [v1/core]

The following table describes the parameters for ConfigMapList object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
`items`	ConfigMap array	Items is the list of ConfigMaps.
`kind`	string	Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`metadata`	ListMeta	More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConfigMap array

Items is the list of ConfigMaps.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

Field	Type	Description
`annotations`	object	Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
`clusterName`	string	The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
`creationTimestamp`	Time	CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`deletionGracePeriodSeconds`	integer	Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.
`deletionTimestamp`	Time	DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
`finalizers`	string array	Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.
`generateName`	string	GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
`generation`	integer	A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.
`labels`	object	Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
`managedFields`	ManagedFieldsEntry array	ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
`name`	string	Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`namespace`	string	Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
`ownerReferences`	OwnerReference array	List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
`resourceVersion`	string	An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
`selfLink`	string	SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
`uid`	string	UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

Field	Type	Description
`apiVersion`	string	API version of the referent.
`blockOwnerDeletion`	boolean	If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.
`controller`	boolean	If true, this reference points to the managing controller.
`kind`	string	Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
`name`	string	Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names
`uid`	string	UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

Field	Type	Description
`apiVersion`	string	APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.
`fieldsType`	string	FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"
`fieldsV1`	FieldsV1	FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.
`manager`	string	Manager is an identifier of the workflow managing these fields.
`operation`	string	Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.
`time`	Time	Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ConfigMap

HTTP request

post /api/v1/namespaces/{namespace}/configmaps

Table 10. HTTP body
Object	Type
`body`	ConfigMap

Table 11. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 12. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 13. HTTP responses
Code	Type
200 - OK	ConfigMap
201 - Created	ConfigMap
202 - Accepted	ConfigMap

Patch

partially update the specified ConfigMap

HTTP request

patch /api/v1/namespaces/{namespace}/configmaps/{name}

Table 14. HTTP body
Object	Type
`body`	Patch

Table 15. Path parameters
Parameter	Description
`name`	name of the ConfigMap
`namespace`	object name and auth scope, such as for teams and projects

Table 16. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 17. HTTP responses
Code	Type
200 - OK	ConfigMap

Replace

replace the specified ConfigMap

HTTP request

put /api/v1/namespaces/{namespace}/configmaps/{name}

Table 18. HTTP body
Object	Type
`body`	ConfigMap

Table 19. Path parameters
Parameter	Description
`name`	name of the ConfigMap
`namespace`	object name and auth scope, such as for teams and projects

Table 20. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 21. HTTP responses
Code	Type
200 - OK	ConfigMap
201 - Created	ConfigMap

Delete

delete a ConfigMap

HTTP request

delete /api/v1/namespaces/{namespace}/configmaps/{name}

Table 22. HTTP body
Object	Type
`body`	DeleteOptions

Table 23. Path parameters
Parameter	Description
`name`	name of the ConfigMap
`namespace`	object name and auth scope, such as for teams and projects

Table 24. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 25. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ConfigMap

HTTP request

delete /api/v1/namespaces/{namespace}/configmaps

Table 26. HTTP body
Object	Type
`body`	DeleteOptions

Table 27. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 28. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 29. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ConfigMap

HTTP request

get /api/v1/namespaces/{namespace}/configmaps/{name}

Table 30. Path parameters
Parameter	Description
`name`	name of the ConfigMap
`namespace`	object name and auth scope, such as for teams and projects

Table 31. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 32. HTTP responses
Code	Type
200 - OK	ConfigMap

List

list or watch objects of kind ConfigMap

HTTP request

get /api/v1/namespaces/{namespace}/configmaps

Table 33. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 34. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 35. HTTP responses
Code	Type
200 - OK	ConfigMapList

List All Namespaces

list or watch objects of kind ConfigMap

HTTP request

get /api/v1/configmaps

Table 36. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 37. HTTP responses
Code	Type
200 - OK	ConfigMapList

Watch

watch changes to an object of kind ConfigMap. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/configmaps/{name}

Table 38. Path parameters
Parameter	Description
`name`	name of the ConfigMap
`namespace`	object name and auth scope, such as for teams and projects

Table 39. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 40. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ConfigMap. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/configmaps

Table 41. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 42. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 43. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ConfigMap. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/configmaps

Table 44. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 45. HTTP responses
Code	Type
200 - OK	WatchEvent

Endpoints v1 core

Appears in

EndpointsList [core/v1]

Definitions

Endpoints [v1/core]

The following table describes the parameters for the Endpoints object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

subsets

EndpointSubset array

The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.

EndpointsList [v1/core]

The following table describes the parameters for EndpointsList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Endpoints array

List of endpoints.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

EndpointSubset [v1/core]

The following table describes the parameters for EndpointSubset object:

Field Type Description

addresses

EndpointAddress array

IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.

notReadyAddresses

EndpointAddress array

IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.

ports

EndpointPort array

Port numbers available on the related IP addresses.

EndpointPort [v1/core]

The following table describes the parameters for EndpointPort object:

Field Type Description

name

string

The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.

port

integer

The port number of the endpoint.

protocol

string

The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.

EndpointAddress [v1/core]

The following table describes the parameters for EndpointAddress object:

Field Type Description

hostname

string

The Hostname of this endpoint

ip

string

The IP of this endpoint. May not be loopback (127.0.0.0/8), link-local (169.254.0.0/16), or link-local multicast ((224.0.0.0/24). IPv6 is also accepted but not fully supported on all platforms. Also, certain kubernetes components, like kube-proxy, are not IPv6 ready.

nodeName

string

Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.

targetRef

ObjectReference

Reference to object providing the endpoint.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create Endpoints

HTTP request

post /api/v1/namespaces/{namespace}/endpoints

Table 46. HTTP body
Object	Type
`body`	Endpoints

Table 47. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 48. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 49. HTTP responses
Code	Type
200 - OK	Endpoints
201 - Created	Endpoints
202 - Accepted	Endpoints

Patch

partially update the specified Endpoints

HTTP request

patch /api/v1/namespaces/{namespace}/endpoints/{name}

Table 50. HTTP body
Object	Type
`body`	Patch

Table 51. Path parameters
Parameter	Description
`name`	name of the Endpoints
`namespace`	object name and auth scope, such as for teams and projects

Table 52. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 53. HTTP responses
Code	Type
200 - OK	Endpoints

Replace

replace the specified Endpoints

HTTP request

put /api/v1/namespaces/{namespace}/endpoints/{name}

Table 54. HTTP body
Object	Type
`body`	Endpoints

Table 55. Path parameters
Parameter	Description
`name`	name of the Endpoints
`namespace`	object name and auth scope, such as for teams and projects

Table 56. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 57. HTTP responses
Code	Type
200 - OK	Endpoints
201 - Created	Endpoints

Delete

delete Endpoints

HTTP request

delete /api/v1/namespaces/{namespace}/endpoints/{name}

Table 58. HTTP body
Object	Type
`body`	DeleteOptions

Table 59. Path parameters
Parameter	Description
`name`	name of the Endpoints
`namespace`	object name and auth scope, such as for teams and projects

Table 60. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 61. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Endpoints

HTTP request

delete /api/v1/namespaces/{namespace}/endpoints

Table 62. HTTP body
Object	Type
`body`	DeleteOptions

Table 63. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 64. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 65. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Endpoints

HTTP request

get /api/v1/namespaces/{namespace}/endpoints/{name}

Table 66. Path parameters
Parameter	Description
`name`	name of the Endpoints
`namespace`	object name and auth scope, such as for teams and projects

Table 67. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 68. HTTP responses
Code	Type
200 - OK	Endpoints

List

list or watch objects of kind Endpoints

HTTP request

get /api/v1/namespaces/{namespace}/endpoints

Table 69. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 70. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 71. HTTP responses
Code	Type
200 - OK	EndpointsList

List All Namespaces

list or watch objects of kind Endpoints

HTTP request

get /api/v1/endpoints

Table 72. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 73. HTTP responses
Code	Type
200 - OK	EndpointsList

Watch

watch changes to an object of kind Endpoints. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/endpoints/{name}

Table 74. Path parameters
Parameter	Description
`name`	name of the Endpoints
`namespace`	object name and auth scope, such as for teams and projects

Table 75. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 76. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Endpoints. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/endpoints

Table 77. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 78. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 79. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Endpoints. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/endpoints

Table 80. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 81. HTTP responses
Code	Type
200 - OK	WatchEvent

Event v1 core

Appears in

EventList [core/v1]

Definitions

Event [v1/core]

The following table describes the parameters for the Event object:

Field Type Description

action

string

What action was taken/failed regarding to the Regarding object.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

count

integer

The number of times this event has occurred.

eventTime

MicroTime

Time when this Event was first observed.

firstTimestamp

Time

The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)

involvedObject

ObjectReference

The object that this event is about.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

lastTimestamp

Time

The time at which the most recent occurrence of this event was recorded.

message

string

A human-readable description of the status of this operation.

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

reason

string

This should be a short, machine understandable string that gives the reason for the transition into the object’s current status.

related

ObjectReference

Optional secondary object for more complex actions.

reportingComponent

string

Name of the controller that emitted this Event, e.g. kubernetes.io/kubelet.

reportingInstance

string

ID of the controller instance, e.g. kubelet-xyzf.

series

EventSeries

Data about the Event series this event represents or nil if it’s a singleton Event.

source

EventSource

The component reporting this event. Should be a short machine understandable string.

type

string

Type of this event (Normal, Warning), new types could be added in the future

EventList [v1/core]

The following table describes the parameters for EventList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Event array

List of events

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

EventSource [v1/core]

The following table describes the parameters for EventSource object:

Field Type Description

component

string

Component from which the event is generated.

host

string

Node name on which the event is generated.

EventSeries [v1/core]

The following table describes the parameters for EventSeries object:

Field Type Description

count

integer

Number of occurrences in this series up to the last heartbeat time

lastObservedTime

MicroTime

Time of the last occurrence observed

state

string

State of this Series: Ongoing or Finished Deprecated. Planned removal for 1.18

MicroTime [v1/meta]

The following table describes the parameters for MicroTime object:

Field

Type

Description

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

Operations

Write Operations

Create

create an Event

HTTP request

post /api/v1/namespaces/{namespace}/events

Table 82. HTTP body
Object	Type
`body`	Event

Table 83. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 84. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 85. HTTP responses
Code	Type
200 - OK	Event
201 - Created	Event
202 - Accepted	Event

Patch

partially update the specified Event

HTTP request

patch /api/v1/namespaces/{namespace}/events/{name}

Table 86. HTTP body
Object	Type
`body`	Patch

Table 87. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 88. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 89. HTTP responses
Code	Type
200 - OK	Event

Replace

replace the specified Event

HTTP request

put /api/v1/namespaces/{namespace}/events/{name}

Table 90. HTTP body
Object	Type
`body`	Event

Table 91. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 92. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 93. HTTP responses
Code	Type
200 - OK	Event
201 - Created	Event

Delete

delete an Event

HTTP request

delete /api/v1/namespaces/{namespace}/events/{name}

Table 94. HTTP body
Object	Type
`body`	DeleteOptions

Table 95. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 96. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 97. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Event

HTTP request

delete /api/v1/namespaces/{namespace}/events

Table 98. HTTP body
Object	Type
`body`	DeleteOptions

Table 99. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 100. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 101. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Event

HTTP request

get /api/v1/namespaces/{namespace}/events/{name}

Table 102. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 103. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 104. HTTP responses
Code	Type
200 - OK	Event

List

list or watch objects of kind Event

HTTP request

get /api/v1/namespaces/{namespace}/events

Table 105. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 106. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 107. HTTP responses
Code	Type
200 - OK	EventList

List All Namespaces

list or watch objects of kind Event

HTTP request

get /api/v1/events

Table 108. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 109. HTTP responses
Code	Type
200 - OK	EventList

Watch

watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/events/{name}

Table 110. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 111. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 112. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/events

Table 113. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 114. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 115. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/events

Table 116. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 117. HTTP responses
Code	Type
200 - OK	WatchEvent

LimitRange v1 core

Appears in

LimitRangeList [core/v1]

Definitions

LimitRange [v1/core]

The following table describes the parameters for the LimitRange object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

LimitRangeSpec

Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

LimitRangeSpec [v1/core]

The following table describes the parameters for LimitRangeSpec object:

Field Type Description

limits

LimitRangeItem array

Limits is the list of LimitRangeItem objects that are enforced.

LimitRangeList [v1/core]

The following table describes the parameters for LimitRangeList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

LimitRange array

Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

LimitRangeItem [v1/core]

The following table describes the parameters for LimitRangeItem object:

Field Type Description

default

object

Default resource requirement limit value by resource name if resource limit is omitted.

defaultRequest

object

DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.

max

object

Max usage constraints on this kind by resource name.

maxLimitRequestRatio

object

MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.

min

object

Min usage constraints on this kind by resource name.

type

string

Type of resource that this limit applies to.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a LimitRange

HTTP request

post /api/v1/namespaces/{namespace}/limitranges

Table 118. HTTP body
Object	Type
`body`	LimitRange

Table 119. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 120. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 121. HTTP responses
Code	Type
200 - OK	LimitRange
201 - Created	LimitRange
202 - Accepted	LimitRange

Patch

partially update the specified LimitRange

HTTP request

patch /api/v1/namespaces/{namespace}/limitranges/{name}

Table 122. HTTP body
Object	Type
`body`	Patch

Table 123. Path parameters
Parameter	Description
`name`	name of the LimitRange
`namespace`	object name and auth scope, such as for teams and projects

Table 124. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 125. HTTP responses
Code	Type
200 - OK	LimitRange

Replace

replace the specified LimitRange

HTTP request

put /api/v1/namespaces/{namespace}/limitranges/{name}

Table 126. HTTP body
Object	Type
`body`	LimitRange

Table 127. Path parameters
Parameter	Description
`name`	name of the LimitRange
`namespace`	object name and auth scope, such as for teams and projects

Table 128. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 129. HTTP responses
Code	Type
200 - OK	LimitRange
201 - Created	LimitRange

Delete

delete a LimitRange

HTTP request

delete /api/v1/namespaces/{namespace}/limitranges/{name}

Table 130. HTTP body
Object	Type
`body`	DeleteOptions

Table 131. Path parameters
Parameter	Description
`name`	name of the LimitRange
`namespace`	object name and auth scope, such as for teams and projects

Table 132. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 133. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of LimitRange

HTTP request

delete /api/v1/namespaces/{namespace}/limitranges

Table 134. HTTP body
Object	Type
`body`	DeleteOptions

Table 135. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 136. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 137. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified LimitRange

HTTP request

get /api/v1/namespaces/{namespace}/limitranges/{name}

Table 138. Path parameters
Parameter	Description
`name`	name of the LimitRange
`namespace`	object name and auth scope, such as for teams and projects

Table 139. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 140. HTTP responses
Code	Type
200 - OK	LimitRange

List

list or watch objects of kind LimitRange

HTTP request

get /api/v1/namespaces/{namespace}/limitranges

Table 141. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 142. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 143. HTTP responses
Code	Type
200 - OK	LimitRangeList

List All Namespaces

list or watch objects of kind LimitRange

HTTP request

get /api/v1/limitranges

Table 144. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 145. HTTP responses
Code	Type
200 - OK	LimitRangeList

Watch

watch changes to an object of kind LimitRange. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/limitranges/{name}

Table 146. Path parameters
Parameter	Description
`name`	name of the LimitRange
`namespace`	object name and auth scope, such as for teams and projects

Table 147. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 148. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of LimitRange. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/limitranges

Table 149. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 150. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 151. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of LimitRange. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/limitranges

Table 152. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 153. HTTP responses
Code	Type
200 - OK	WatchEvent

Namespace v1 core

Appears in

NamespaceList [core/v1]

Definitions

Namespace [v1/core]

The following table describes the parameters for the Namespace object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

NamespaceSpec

Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

NamespaceStatus

Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

NamespaceSpec [v1/core]

The following table describes the parameters for NamespaceSpec object:

Field Type Description

finalizers

string array

Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/

NamespaceStatus [v1/core]

The following table describes the parameters for NamespaceStatus object:

Field Type Description

conditions

NamespaceCondition array

Represents the latest available observations of a namespace’s current state.

phase

string

Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/

NamespaceList [v1/core]

The following table describes the parameters for NamespaceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Namespace array

Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

NamespaceCondition [v1/core]

The following table describes the parameters for NamespaceCondition object:

Field Type Description

lastTransitionTime

Time

message

string

reason

string

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of namespace controller condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Namespace

HTTP request

post /api/v1/namespaces

Table 154. HTTP body
Object	Type
`body`	Namespace

Table 155. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 156. HTTP responses
Code	Type
200 - OK	Namespace
201 - Created	Namespace
202 - Accepted	Namespace

Patch

partially update the specified Namespace

HTTP request

patch /api/v1/namespaces/{name}

Table 157. HTTP body
Object	Type
`body`	Patch

Table 158. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 159. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 160. HTTP responses
Code	Type
200 - OK	Namespace

Replace

replace the specified Namespace

HTTP request

put /api/v1/namespaces/{name}

Table 161. HTTP body
Object	Type
`body`	Namespace

Table 162. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 163. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 164. HTTP responses
Code	Type
200 - OK	Namespace
201 - Created	Namespace

Delete

delete a Namespace

HTTP request

delete /api/v1/namespaces/{name}

Table 165. HTTP body
Object	Type
`body`	DeleteOptions

Table 166. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 167. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 168. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Read Operations

Read

read the specified Namespace

HTTP request

get /api/v1/namespaces/{name}

Table 169. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 170. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 171. HTTP responses
Code	Type
200 - OK	Namespace

List

list or watch objects of kind Namespace

HTTP request

get /api/v1/namespaces

Table 172. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 173. HTTP responses
Code	Type
200 - OK	NamespaceList

Watch

watch changes to an object of kind Namespace. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{name}

Table 174. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 175. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 176. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Namespace. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces

Table 177. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 178. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Namespace

HTTP request

patch /api/v1/namespaces/{name}/status

Table 179. HTTP body
Object	Type
`body`	Patch

Table 180. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 181. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 182. HTTP responses
Code	Type
200 - OK	Namespace

Read Status

read status of the specified Namespace

HTTP request

get /api/v1/namespaces/{name}/status

Table 183. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 184. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 185. HTTP responses
Code	Type
200 - OK	Namespace

Replace Status

replace status of the specified Namespace

HTTP request

put /api/v1/namespaces/{name}/status

Table 186. HTTP body
Object	Type
`body`	Namespace

Table 187. Path parameters
Parameter	Description
`name`	name of the Namespace

Table 188. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 189. HTTP responses
Code	Type
200 - OK	Namespace
201 - Created	Namespace

Node v1 core

Appears in

NodeList [core/v1]

Definitions

Node [v1/core]

The following table describes the parameters for the Node object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

NodeSpec

Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

NodeStatus

Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

NodeSpec [v1/core]

The following table describes the parameters for NodeSpec object:

Field Type Description

configSource

NodeConfigSource

If specified, the source to get node configuration from The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field

externalID

string

Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966

podCIDR

string

PodCIDR represents the pod IP range assigned to the node.

podCIDRs

string array

podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.

providerID

string

ID of the node assigned by the cloud provider in the format: <ProviderName>://<ProviderSpecificNodeID>

taints

Taint array

If specified, the node’s taints.

unschedulable

boolean

Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration

NodeStatus [v1/core]

The following table describes the parameters for NodeStatus object:

Field Type Description

addresses

NodeAddress array

List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/concepts/nodes/node/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See http://pr.k8s.io/79391 for an example.

allocatable

object

Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.

capacity

object

Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity

conditions

NodeCondition array

Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/concepts/nodes/node/#condition

config

NodeConfigStatus

Status of the config assigned to the node via the dynamic Kubelet config feature.

daemonEndpoints

NodeDaemonEndpoints

Endpoints of daemons running on the Node.

images

ContainerImage array

List of container images on this node

nodeInfo

NodeSystemInfo

Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#info

phase

string

NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.

volumesAttached

AttachedVolume array

List of volumes that are attached to the node.

volumesInUse

string array

List of attachable volumes in use (mounted) by the node.

NodeList [v1/core]

The following table describes the parameters for NodeList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Node array

List of nodes

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

AttachedVolume [v1/core]

The following table describes the parameters for AttachedVolume object:

Field Type Description

devicePath

string

DevicePath represents the device path where the volume should be available

name

string

Name of the attached volume

NodeSystemInfo [v1/core]

The following table describes the parameters for NodeSystemInfo object:

Field Type Description

architecture

string

The Architecture reported by the node

bootID

string

Boot ID reported by the node.

containerRuntimeVersion

string

ContainerRuntime Version reported by the node through runtime remote API (e.g. docker://1.5.0).

kernelVersion

string

Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).

kubeProxyVersion

string

KubeProxy Version reported by the node.

kubeletVersion

string

Kubelet Version reported by the node.

machineID

string

MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html

operatingSystem

string

The Operating System reported by the node

osImage

string

OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).

systemUUID

string

SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/getting-system-uuid.html

ContainerImage [v1/core]

The following table describes the parameters for ContainerImage object:

Field Type Description

names

string array

Names by which this image is known. e.g. ["k8s.gcr.io/hyperkube:v1.0.7", "dockerhub.io/google_containers/hyperkube:v1.0.7"]

sizeBytes

integer

The size of the image in bytes.

NodeDaemonEndpoints [v1/core]

The following table describes the parameters for NodeDaemonEndpoints object:

Field Type Description

kubeletEndpoint

DaemonEndpoint

Endpoint on which Kubelet is listening.

DaemonEndpoint [v1/core]

The following table describes the parameters for DaemonEndpoint object:

Field Type Description

Port

integer

Port number of the given endpoint.

NodeConfigStatus [v1/core]

The following table describes the parameters for NodeConfigStatus object:

Field Type Description

active

NodeConfigSource

Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.

assigned

NodeConfigSource

Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.

error

string

Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.

lastKnownGood

NodeConfigSource

LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node’s method of determining config stability and correctness, as this may change or become configurable in the future.

NodeConfigSource [v1/core]

The following table describes the parameters for NodeConfigSource object:

Field Type Description

configMap

ConfigMapNodeConfigSource

ConfigMap is a reference to a Node’s ConfigMap

ConfigMapNodeConfigSource [v1/core]

The following table describes the parameters for ConfigMapNodeConfigSource object:

Field Type Description

kubeletConfigKey

string

KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.

name

string

Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.

namespace

string

Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.

resourceVersion

string

ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.

uid

string

UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.

NodeCondition [v1/core]

The following table describes the parameters for NodeCondition object:

Field Type Description

lastHeartbeatTime

Time

Last time we got an update on a given condition.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of node condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

NodeAddress [v1/core]

The following table describes the parameters for NodeAddress object:

Field Type Description

address

string

The node address.

type

string

Node address type, one of Hostname, ExternalIP or InternalIP.

Taint [v1/core]

The following table describes the parameters for Taint object:

Field Type Description

effect

string

Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Required. The taint key to be applied to a node.

timeAdded

Time

TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints.

value

string

Required. The taint value corresponding to the taint key.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Node

HTTP request

post /api/v1/nodes

Table 190. HTTP body
Object	Type
`body`	Node

Table 191. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 192. HTTP responses
Code	Type
200 - OK	Node
201 - Created	Node
202 - Accepted	Node

Patch

partially update the specified Node

HTTP request

patch /api/v1/nodes/{name}

Table 193. HTTP body
Object	Type
`body`	Patch

Table 194. Path parameters
Parameter	Description
`name`	name of the Node

Table 195. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 196. HTTP responses
Code	Type
200 - OK	Node

Replace

replace the specified Node

HTTP request

put /api/v1/nodes/{name}

Table 197. HTTP body
Object	Type
`body`	Node

Table 198. Path parameters
Parameter	Description
`name`	name of the Node

Table 199. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 200. HTTP responses
Code	Type
200 - OK	Node
201 - Created	Node

Delete

delete a Node

HTTP request

delete /api/v1/nodes/{name}

Table 201. HTTP body
Object	Type
`body`	DeleteOptions

Table 202. Path parameters
Parameter	Description
`name`	name of the Node

Table 203. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 204. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Node

HTTP request

delete /api/v1/nodes

Table 205. HTTP body
Object	Type
`body`	DeleteOptions

Table 206. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 207. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Node

HTTP request

get /api/v1/nodes/{name}

Table 208. Path parameters
Parameter	Description
`name`	name of the Node

Table 209. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 210. HTTP responses
Code	Type
200 - OK	Node

List

list or watch objects of kind Node

HTTP request

get /api/v1/nodes

Table 211. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 212. HTTP responses
Code	Type
200 - OK	NodeList

Watch

watch changes to an object of kind Node. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/nodes/{name}

Table 213. Path parameters
Parameter	Description
`name`	name of the Node

Table 214. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 215. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Node. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/nodes

Table 216. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 217. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Node

HTTP request

patch /api/v1/nodes/{name}/status

Table 218. HTTP body
Object	Type
`body`	Patch

Table 219. Path parameters
Parameter	Description
`name`	name of the Node

Table 220. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 221. HTTP responses
Code	Type
200 - OK	Node

Read Status

read status of the specified Node

HTTP request

get /api/v1/nodes/{name}/status

Table 222. Path parameters
Parameter	Description
`name`	name of the Node

Table 223. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 224. HTTP responses
Code	Type
200 - OK	Node

Replace Status

replace status of the specified Node

HTTP request

put /api/v1/nodes/{name}/status

Table 225. HTTP body
Object	Type
`body`	Node

Table 226. Path parameters
Parameter	Description
`name`	name of the Node

Table 227. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 228. HTTP responses
Code	Type
200 - OK	Node
201 - Created	Node

Proxy Operations

Create Connect Proxy

connect POST requests to proxy of Node

HTTP request

post /api/v1/nodes/{name}/proxy

Table 229. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions

Table 230. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 231. HTTP responses
Code	Type
200 - OK	string

Create Connect Proxy Path

connect POST requests to proxy of Node

HTTP request

post /api/v1/nodes/{name}/proxy/{path}

Table 232. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions
`path`	path to the resource

Table 233. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 234. HTTP responses
Code	Type
200 - OK	string

Create Proxy

connect DELETE requests to proxy of Node

HTTP request

delete /api/v1/nodes/{name}/proxy

Table 235. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions

Table 236. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 237. HTTP responses
Code	Type
200 - OK	string

Delete Connect Proxy Path

connect DELETE requests to proxy of Node

HTTP request

delete /api/v1/nodes/{name}/proxy/{path}

Table 238. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions
`path`	path to the resource

Table 239. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 240. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy

connect GET requests to proxy of Node

HTTP request

get /api/v1/nodes/{name}/proxy

Table 241. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions

Table 242. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 243. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy Path

connect GET requests to proxy of Node

HTTP request

get /api/v1/nodes/{name}/proxy/{path}

Table 244. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions
`path`	path to the resource

Table 245. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 246. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy

connect HEAD requests to proxy of Node

HTTP request

head /api/v1/nodes/{name}/proxy

Table 247. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions

Table 248. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 249. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy Path

connect HEAD requests to proxy of Node

HTTP request

head /api/v1/nodes/{name}/proxy/{path}

Table 250. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions
`path`	path to the resource

Table 251. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 252. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy

connect PUT requests to proxy of Node

HTTP request

put /api/v1/nodes/{name}/proxy

Table 253. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions

Table 254. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 255. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy Path

connect PUT requests to proxy of Node

HTTP request

put /api/v1/nodes/{name}/proxy/{path}

Table 256. Path parameters
Parameter	Description
`name`	name of the NodeProxyOptions
`path`	path to the resource

Table 257. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to node.

Table 258. HTTP responses
Code	Type
200 - OK	string

PersistentVolume v1 core

Appears in

PersistentVolumeList [core/v1]

Definitions

PersistentVolume [v1/core]

The following table describes the parameters for the PersistentVolume object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PersistentVolumeSpec

Spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes

status

PersistentVolumeStatus

Status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes

PersistentVolumeSpec [v1/core]

The following table describes the parameters for PersistentVolumeSpec object:

Field Type Description

accessModes

string array

AccessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFilePersistentVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

capacity

object

A description of the persistent volume’s resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity

cephfs

CephFSPersistentVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderPersistentVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

claimRef

ObjectReference

ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding

csi

CSIPersistentVolumeSource

CSI represents storage that is handled by an external CSI driver (Beta feature).

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexPersistentVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine and exposed to the pod for its usage. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

glusterfs

GlusterfsPersistentVolumeSource

Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIPersistentVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. Provisioned by an admin.

local

LocalVolumeSource

Local represents directly-attached storage with node affinity

mountOptions

string array

A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options

nfs

NFSVolumeSource

NFS represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

nodeAffinity

VolumeNodeAffinity

NodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.

persistentVolumeReclaimPolicy

string

What happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDPersistentVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOPersistentVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

storageClassName

string

Name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.

storageos

StorageOSPersistentVolumeSource

StorageOS represents a StorageOS volume that is attached to the kubelet’s host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md

volumeMode

string

volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec. This is a beta feature.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

PersistentVolumeStatus [v1/core]

The following table describes the parameters for PersistentVolumeStatus object:

Field Type Description

message

string

A human-readable message indicating details about why the volume is in this state.

phase

string

Phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase

reason

string

Reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.

PersistentVolumeList [v1/core]

The following table describes the parameters for PersistentVolumeList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PersistentVolume array

List of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSPersistentVolumeSource [v1/core]

The following table describes the parameters for StorageOSPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

ObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ScaleIOPersistentVolumeSource [v1/core]

The following table describes the parameters for ScaleIOPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

SecretReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

SecretReference [v1/core]

The following table describes the parameters for SecretReference object:

Field Type Description

name

string

Name is unique within a namespace to reference a secret resource.

namespace

string

Namespace defines the space within which the secret name must be unique.

RBDPersistentVolumeSource [v1/core]

The following table describes the parameters for RBDPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

SecretReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

VolumeNodeAffinity [v1/core]

The following table describes the parameters for VolumeNodeAffinity object:

Field Type Description

required

NodeSelector

Required specifies hard node constraints that must be met.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

LocalVolumeSource [v1/core]

The following table describes the parameters for LocalVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified.

path

string

The full path to the volume on the node. It can be either a directory or block device (disk, partition, …).

ISCSIPersistentVolumeSource [v1/core]

The following table describes the parameters for ISCSIPersistentVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

SecretReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsPersistentVolumeSource [v1/core]

The following table describes the parameters for GlusterfsPersistentVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

endpointsNamespace

string

EndpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexPersistentVolumeSource [v1/core]

The following table describes the parameters for FlexPersistentVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

SecretReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

CSIPersistentVolumeSource [v1/core]

The following table describes the parameters for CSIPersistentVolumeSource object:

Field Type Description

controllerExpandSecretRef

SecretReference

ControllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an alpha field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

controllerPublishSecretRef

SecretReference

ControllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

driver

string

Driver is the name of the driver to use for this volume. Required.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs".

nodePublishSecretRef

SecretReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

nodeStageSecretRef

SecretReference

NodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

readOnly

boolean

Optional: The value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).

volumeAttributes

object

Attributes of the volume to publish.

volumeHandle

string

VolumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.

CinderPersistentVolumeSource [v1/core]

The following table describes the parameters for CinderPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

SecretReference

Optional: points to a secret object containing parameters used to connect to Red Hat OpenStack Platform (RHOSP).

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSPersistentVolumeSource [v1/core]

The following table describes the parameters for CephFSPersistentVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

SecretReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFilePersistentVolumeSource [v1/core]

The following table describes the parameters for AzureFilePersistentVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

secretNamespace

string

the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PersistentVolume

HTTP request

post /api/v1/persistentvolumes

Table 259. HTTP body
Object	Type
`body`	PersistentVolume

Table 260. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 261. HTTP responses
Code	Type
200 - OK	PersistentVolume
201 - Created	PersistentVolume
202 - Accepted	PersistentVolume

Patch

partially update the specified PersistentVolume

HTTP request

patch /api/v1/persistentvolumes/{name}

Table 262. HTTP body
Object	Type
`body`	Patch

Table 263. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 264. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 265. HTTP responses
Code	Type
200 - OK	PersistentVolume

Replace

replace the specified PersistentVolume

HTTP request

put /api/v1/persistentvolumes/{name}

Table 266. HTTP body
Object	Type
`body`	PersistentVolume

Table 267. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 268. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 269. HTTP responses
Code	Type
200 - OK	PersistentVolume
201 - Created	PersistentVolume

Delete

delete a PersistentVolume

HTTP request

delete /api/v1/persistentvolumes/{name}

Table 270. HTTP body
Object	Type
`body`	DeleteOptions

Table 271. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 272. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 273. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PersistentVolume

HTTP request

delete /api/v1/persistentvolumes

Table 274. HTTP body
Object	Type
`body`	DeleteOptions

Table 275. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 276. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PersistentVolume

HTTP request

get /api/v1/persistentvolumes/{name}

Table 277. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 278. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 279. HTTP responses
Code	Type
200 - OK	PersistentVolume

List

list or watch objects of kind PersistentVolume

HTTP request

get /api/v1/persistentvolumes

Table 280. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 281. HTTP responses
Code	Type
200 - OK	PersistentVolumeList

Watch

watch changes to an object of kind PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/persistentvolumes/{name}

Table 282. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 283. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 284. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PersistentVolume. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/persistentvolumes

Table 285. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 286. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified PersistentVolume

HTTP request

patch /api/v1/persistentvolumes/{name}/status

Table 287. HTTP body
Object	Type
`body`	Patch

Table 288. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 289. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 290. HTTP responses
Code	Type
200 - OK	PersistentVolume

Read Status

read status of the specified PersistentVolume

HTTP request

get /api/v1/persistentvolumes/{name}/status

Table 291. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 292. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 293. HTTP responses
Code	Type
200 - OK	PersistentVolume

Replace Status

replace status of the specified PersistentVolume

HTTP request

put /api/v1/persistentvolumes/{name}/status

Table 294. HTTP body
Object	Type
`body`	PersistentVolume

Table 295. Path parameters
Parameter	Description
`name`	name of the PersistentVolume

Table 296. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 297. HTTP responses
Code	Type
200 - OK	PersistentVolume
201 - Created	PersistentVolume

PersistentVolumeClaim v1 core

Appears in

StatefulSetSpec [apps/v1]
StatefulSetSpec [apps/v1beta1]
StatefulSetSpec [apps/v1beta2]
PersistentVolumeClaimList [core/v1]

Definitions

PersistentVolumeClaim [v1/core]

The following table describes the parameters for the PersistentVolumeClaim object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PersistentVolumeClaimSpec

Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

status

PersistentVolumeClaimStatus

Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

PersistentVolumeClaimSpec [v1/core]

The following table describes the parameters for PersistentVolumeClaimSpec object:

Field Type Description

accessModes

string array

AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

dataSource

TypedLocalObjectReference

This field requires the VolumeSnapshotDataSource alpha feature gate to be enabled and currently VolumeSnapshot is the only supported data source. If the provisioner can support VolumeSnapshot data source, it will create a new volume and data will be restored to the volume at the same time. If the provisioner does not support VolumeSnapshot data source, volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.

resources

ResourceRequirements

Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

selector

LabelSelector

A label query over volumes to consider for binding.

storageClassName

string

Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1

volumeMode

string

volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature.

volumeName

string

VolumeName is the binding reference to the PersistentVolume backing this claim.

PersistentVolumeClaimStatus [v1/core]

The following table describes the parameters for PersistentVolumeClaimStatus object:

Field Type Description

accessModes

string array

AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

capacity

object

Represents the actual resources of the underlying volume.

conditions

PersistentVolumeClaimCondition array

Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.

phase

string

Phase represents the current phase of PersistentVolumeClaim.

PersistentVolumeClaimList [v1/core]

The following table describes the parameters for PersistentVolumeClaimList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PersistentVolumeClaim array

A list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

PersistentVolumeClaimCondition [v1/core]

The following table describes the parameters for PersistentVolumeClaimCondition object:

Field Type Description

lastProbeTime

Time

Last time we probed the condition.

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

Human-readable message indicating details about last transition.

reason

string

Unique, this should be a short, machine understandable string that gives the reason for condition’s last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.

status

string

type

string

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

TypedLocalObjectReference [v1/core]

The following table describes the parameters for TypedLocalObjectReference object:

Field Type Description

apiGroup

string

APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.

kind

string

Kind is the type of resource being referenced

name

string

Name is the name of resource being referenced

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PersistentVolumeClaim

HTTP request

post /api/v1/namespaces/{namespace}/persistentvolumeclaims

Table 298. HTTP body
Object	Type
`body`	PersistentVolumeClaim

Table 299. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 300. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 301. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim
201 - Created	PersistentVolumeClaim
202 - Accepted	PersistentVolumeClaim

Patch

partially update the specified PersistentVolumeClaim

HTTP request

patch /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

Table 302. HTTP body
Object	Type
`body`	Patch

Table 303. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 304. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 305. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim

Replace

replace the specified PersistentVolumeClaim

HTTP request

put /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

Table 306. HTTP body
Object	Type
`body`	PersistentVolumeClaim

Table 307. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 308. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 309. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim
201 - Created	PersistentVolumeClaim

Delete

delete a PersistentVolumeClaim

HTTP request

delete /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

Table 310. HTTP body
Object	Type
`body`	DeleteOptions

Table 311. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 312. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 313. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PersistentVolumeClaim

HTTP request

delete /api/v1/namespaces/{namespace}/persistentvolumeclaims

Table 314. HTTP body
Object	Type
`body`	DeleteOptions

Table 315. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 316. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 317. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PersistentVolumeClaim

HTTP request

get /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}

Table 318. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 319. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 320. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim

List

list or watch objects of kind PersistentVolumeClaim

HTTP request

get /api/v1/namespaces/{namespace}/persistentvolumeclaims

Table 321. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 322. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 323. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaimList

List All Namespaces

list or watch objects of kind PersistentVolumeClaim

HTTP request

get /api/v1/persistentvolumeclaims

Table 324. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 325. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaimList

Watch

watch changes to an object of kind PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/persistentvolumeclaims/{name}

Table 326. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 327. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 328. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/persistentvolumeclaims

Table 329. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 330. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 331. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of PersistentVolumeClaim. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/persistentvolumeclaims

Table 332. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 333. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified PersistentVolumeClaim

HTTP request

patch /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status

Table 334. HTTP body
Object	Type
`body`	Patch

Table 335. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 336. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 337. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim

Read Status

read status of the specified PersistentVolumeClaim

HTTP request

get /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status

Table 338. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 339. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 340. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim

Replace Status

replace status of the specified PersistentVolumeClaim

HTTP request

put /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}/status

Table 341. HTTP body
Object	Type
`body`	PersistentVolumeClaim

Table 342. Path parameters
Parameter	Description
`name`	name of the PersistentVolumeClaim
`namespace`	object name and auth scope, such as for teams and projects

Table 343. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 344. HTTP responses
Code	Type
200 - OK	PersistentVolumeClaim
201 - Created	PersistentVolumeClaim

Pod v1 core

Appears in

PodList [core/v1]

Definitions

Pod [v1/core]

The following table describes the parameters for the Pod object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

PodStatus

Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

PodStatus [v1/core]

The following table describes the parameters for PodStatus object:

Field Type Description

conditions

PodCondition array

Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions

containerStatuses

ContainerStatus array

The list has one entry per container in the manifest. Each entry is currently the output of docker inspect. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status

ephemeralContainerStatuses

ContainerStatus array

Status for any ephemeral containers that have run in this pod. This field is alpha-level and is only populated by servers that enable the EphemeralContainers feature.

hostIP

string

IP address of the host to which the pod is assigned. Empty if not yet scheduled.

initContainerStatuses

ContainerStatus array

The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status

message

string

A human readable message indicating details about why the pod is in this condition.

nominatedNodeName

string

nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.

phase

string

The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod’s status. There are five possible phase values:

Pending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.

More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase

podIP

string

IP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.

podIPs

PodIP array

podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.

qosClass

string

The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://git.k8s.io/community/contributors/design-proposals/node/resource-qos.md

reason

string

A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'

startTime

Time

RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.

PodList [v1/core]

The following table describes the parameters for PodList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Pod array

List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodIP [v1/core]

The following table describes the parameters for PodIP object:

Field Type Description

ip

string

ip is an IP address (IPv4 or IPv6) assigned to the pod

ContainerStatus [v1/core]

The following table describes the parameters for ContainerStatus object:

Field Type Description

containerID

string

Container’s ID in the format 'docker://<container_id>'.

image

string

The image the container is running. More info: https://kubernetes.io/docs/concepts/containers/images

imageID

string

ImageID of the container’s image.

lastState

ContainerState

Details about the container’s last termination condition.

name

string

This must be a DNS_LABEL. Each container in a pod must have a unique name. Cannot be updated.

ready

boolean

Specifies whether the container has passed its readiness probe.

restartCount

integer

The number of times the container has been restarted, currently based on the number of dead containers that have not yet been removed. Note that this is calculated from dead containers. But those containers are subject to garbage collection. This value will get capped at 5 by GC.

started

boolean

Specifies whether the container has passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. Is always true when no startupProbe is defined.

state

ContainerState

Details about the container’s current condition.

ContainerState [v1/core]

The following table describes the parameters for ContainerState object:

Field Type Description

running

ContainerStateRunning

Details about a running container

terminated

ContainerStateTerminated

Details about a terminated container

waiting

ContainerStateWaiting

Details about a waiting container

ContainerStateWaiting [v1/core]

The following table describes the parameters for ContainerStateWaiting object:

Field Type Description

message

string

Message regarding why the container is not yet running.

reason

string

(brief) reason the container is not yet running.

ContainerStateTerminated [v1/core]

The following table describes the parameters for ContainerStateTerminated object:

Field Type Description

containerID

string

Container’s ID in the format 'docker://<container_id>'

exitCode

integer

Exit status from the last termination of the container

finishedAt

Time

Time at which the container last terminated

message

string

Message regarding the last termination of the container

reason

string

(brief) reason from the last termination of the container

signal

integer

Signal from the last termination of the container

startedAt

Time

Time at which previous execution of the container started

ContainerStateRunning [v1/core]

The following table describes the parameters for ContainerStateRunning object:

Field Type Description

startedAt

Time

Time at which the container was last (re-)started

PodCondition [v1/core]

The following table describes the parameters for PodCondition object:

Field Type Description

lastProbeTime

Time

Last time we probed the condition.

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

Human-readable message indicating details about last transition.

reason

string

Unique, one-word, CamelCase reason for the condition’s last transition.

status

string

Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions

type

string

Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Pod

HTTP request

post /api/v1/namespaces/{namespace}/pods

Table 345. HTTP body
Object	Type
`body`	Pod

Table 346. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 347. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 348. HTTP responses
Code	Type
200 - OK	Pod
201 - Created	Pod
202 - Accepted	Pod

Create Eviction

create eviction of a Pod

HTTP request

post /api/v1/namespaces/{namespace}/pods/{name}/eviction

Table 349. HTTP body
Object	Type
`body`	Eviction

Table 350. Path parameters
Parameter	Description
`name`	name of the Eviction
`namespace`	object name and auth scope, such as for teams and projects

Table 351. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 352. HTTP responses
Code	Type
200 - OK	Eviction
201 - Created	Eviction
202 - Accepted	Eviction

Patch

partially update the specified Pod

HTTP request

patch /api/v1/namespaces/{namespace}/pods/{name}

Table 353. HTTP body
Object	Type
`body`	Patch

Table 354. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 355. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 356. HTTP responses
Code	Type
200 - OK	Pod

Replace

replace the specified Pod

HTTP request

put /api/v1/namespaces/{namespace}/pods/{name}

Table 357. HTTP body
Object	Type
`body`	Pod

Table 358. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 359. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 360. HTTP responses
Code	Type
200 - OK	Pod
201 - Created	Pod

Delete

delete a Pod

HTTP request

delete /api/v1/namespaces/{namespace}/pods/{name}

Table 361. HTTP body
Object	Type
`body`	DeleteOptions

Table 362. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 363. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 364. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Pod

HTTP request

delete /api/v1/namespaces/{namespace}/pods

Table 365. HTTP body
Object	Type
`body`	DeleteOptions

Table 366. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 367. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 368. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}

Table 369. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 370. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 371. HTTP responses
Code	Type
200 - OK	Pod

List

list or watch objects of kind Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods

Table 372. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 373. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 374. HTTP responses
Code	Type
200 - OK	PodList

List All Namespaces

list or watch objects of kind Pod

HTTP request

get /api/v1/pods

Table 375. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 376. HTTP responses
Code	Type
200 - OK	PodList

Watch

watch changes to an object of kind Pod. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/pods/{name}

Table 377. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 378. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 379. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/pods

Table 380. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 381. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 382. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Pod. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/pods

Table 383. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 384. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Pod

HTTP request

patch /api/v1/namespaces/{namespace}/pods/{name}/status

Table 385. HTTP body
Object	Type
`body`	Patch

Table 386. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 387. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 388. HTTP responses
Code	Type
200 - OK	Pod

Read Status

read status of the specified Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}/status

Table 389. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 390. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 391. HTTP responses
Code	Type
200 - OK	Pod

Replace Status

replace status of the specified Pod

HTTP request

put /api/v1/namespaces/{namespace}/pods/{name}/status

Table 392. HTTP body
Object	Type
`body`	Pod

Table 393. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 394. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 395. HTTP responses
Code	Type
200 - OK	Pod
201 - Created	Pod

Proxy Operations

Create Connect Portforward

connect POST requests to portforward of Pod

HTTP request

post /api/v1/namespaces/{namespace}/pods/{name}/portforward

Table 396. Path parameters
Parameter	Description
`name`	name of the PodPortForwardOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 397. Query parameters
Parameter	Description
`ports`	List of ports to forward Required when using WebSockets

Table 398. HTTP responses
Code	Type
200 - OK	string

Create Connect Proxy

connect POST requests to proxy of Pod

HTTP request

post /api/v1/namespaces/{namespace}/pods/{name}/proxy

Table 399. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 400. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 401. HTTP responses
Code	Type
200 - OK	string

Create Connect Proxy Path

connect POST requests to proxy of Pod

HTTP request

post /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}

Table 402. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 403. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 404. HTTP responses
Code	Type
200 - OK	string

Create Proxy

connect DELETE requests to proxy of Pod

HTTP request

delete /api/v1/namespaces/{namespace}/pods/{name}/proxy

Table 405. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 406. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 407. HTTP responses
Code	Type
200 - OK	string

Delete Connect Proxy Path

connect DELETE requests to proxy of Pod

HTTP request

delete /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}

Table 408. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 409. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 410. HTTP responses
Code	Type
200 - OK	string

Get Connect Portforward

connect GET requests to portforward of Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}/portforward

Table 411. Path parameters
Parameter	Description
`name`	name of the PodPortForwardOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 412. Query parameters
Parameter	Description
`ports`	List of ports to forward Required when using WebSockets

Table 413. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy

connect GET requests to proxy of Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}/proxy

Table 414. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 415. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 416. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy Path

connect GET requests to proxy of Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}

Table 417. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 418. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 419. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy

connect HEAD requests to proxy of Pod

HTTP request

head /api/v1/namespaces/{namespace}/pods/{name}/proxy

Table 420. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 421. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 422. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy Path

connect HEAD requests to proxy of Pod

HTTP request

head /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}

Table 423. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 424. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 425. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy

connect PUT requests to proxy of Pod

HTTP request

put /api/v1/namespaces/{namespace}/pods/{name}/proxy

Table 426. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 427. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 428. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy Path

connect PUT requests to proxy of Pod

HTTP request

put /api/v1/namespaces/{namespace}/pods/{name}/proxy/{path}

Table 429. Path parameters
Parameter	Description
`name`	name of the PodProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 430. Query parameters
Parameter	Description
`path`	Path is the URL path to use for the current proxy request to pod.

Table 431. HTTP responses
Code	Type
200 - OK	string

Misc Operations

Read Log

read log of the specified Pod

HTTP request

get /api/v1/namespaces/{namespace}/pods/{name}/log

Table 432. Path parameters
Parameter	Description
`name`	name of the Pod
`namespace`	object name and auth scope, such as for teams and projects

Table 433. Query parameters
Parameter	Description
`container`	The container for which to stream logs. Defaults to only container if there is one container in the pod.
`follow`	Follow the log stream of the pod. Defaults to false.
`insecureSkipTLSVerifyBackend`	insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver’s TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).
`limitBytes`	If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.
`pretty`	If 'true', then the output is pretty printed.
`previous`	Return previous terminated container logs. Defaults to false.
`sinceSeconds`	A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.
`tailLines`	If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime
`timestamps`	If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.

Table 434. HTTP responses
Code	Type
200 - OK	string

PodTemplate v1 core

Appears in

PodTemplateList [core/v1]

Definitions

PodTemplate [v1/core]

The following table describes the parameters for the PodTemplate object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

template

PodTemplateSpec

Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodTemplateList [v1/core]

The following table describes the parameters for PodTemplateList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PodTemplate array

List of pod templates

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PodTemplate

HTTP request

post /api/v1/namespaces/{namespace}/podtemplates

Table 435. HTTP body
Object	Type
`body`	PodTemplate

Table 436. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 437. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 438. HTTP responses
Code	Type
200 - OK	PodTemplate
201 - Created	PodTemplate
202 - Accepted	PodTemplate

Patch

partially update the specified PodTemplate

HTTP request

patch /api/v1/namespaces/{namespace}/podtemplates/{name}

Table 439. HTTP body
Object	Type
`body`	Patch

Table 440. Path parameters
Parameter	Description
`name`	name of the PodTemplate
`namespace`	object name and auth scope, such as for teams and projects

Table 441. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 442. HTTP responses
Code	Type
200 - OK	PodTemplate

Replace

replace the specified PodTemplate

HTTP request

put /api/v1/namespaces/{namespace}/podtemplates/{name}

Table 443. HTTP body
Object	Type
`body`	PodTemplate

Table 444. Path parameters
Parameter	Description
`name`	name of the PodTemplate
`namespace`	object name and auth scope, such as for teams and projects

Table 445. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 446. HTTP responses
Code	Type
200 - OK	PodTemplate
201 - Created	PodTemplate

Delete

delete a PodTemplate

HTTP request

delete /api/v1/namespaces/{namespace}/podtemplates/{name}

Table 447. HTTP body
Object	Type
`body`	DeleteOptions

Table 448. Path parameters
Parameter	Description
`name`	name of the PodTemplate
`namespace`	object name and auth scope, such as for teams and projects

Table 449. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 450. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PodTemplate

HTTP request

delete /api/v1/namespaces/{namespace}/podtemplates

Table 451. HTTP body
Object	Type
`body`	DeleteOptions

Table 452. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 453. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 454. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PodTemplate

HTTP request

get /api/v1/namespaces/{namespace}/podtemplates/{name}

Table 455. Path parameters
Parameter	Description
`name`	name of the PodTemplate
`namespace`	object name and auth scope, such as for teams and projects

Table 456. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 457. HTTP responses
Code	Type
200 - OK	PodTemplate

List

list or watch objects of kind PodTemplate

HTTP request

get /api/v1/namespaces/{namespace}/podtemplates

Table 458. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 459. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 460. HTTP responses
Code	Type
200 - OK	PodTemplateList

List All Namespaces

list or watch objects of kind PodTemplate

HTTP request

get /api/v1/podtemplates

Table 461. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 462. HTTP responses
Code	Type
200 - OK	PodTemplateList

Watch

watch changes to an object of kind PodTemplate. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/podtemplates/{name}

Table 463. Path parameters
Parameter	Description
`name`	name of the PodTemplate
`namespace`	object name and auth scope, such as for teams and projects

Table 464. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 465. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PodTemplate. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/podtemplates

Table 466. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 467. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 468. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of PodTemplate. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/podtemplates

Table 469. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 470. HTTP responses
Code	Type
200 - OK	WatchEvent

ReplicationController v1 core

Appears in

ReplicationControllerList [core/v1]

Definitions

ReplicationController [v1/core]

The following table describes the parameters for the ReplicationController object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

ReplicationControllerSpec

Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

ReplicationControllerStatus

Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ReplicationControllerSpec [v1/core]

The following table describes the parameters for ReplicationControllerSpec object:

Field Type Description

minReadySeconds

integer

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

replicas

integer

Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller

selector

object

Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

ReplicationControllerStatus [v1/core]

The following table describes the parameters for ReplicationControllerStatus object:

Field Type Description

availableReplicas

integer

The number of available replicas (ready for at least minReadySeconds) for this replication controller.

conditions

ReplicationControllerCondition array

Represents the latest available observations of a replication controller’s current state.

fullyLabeledReplicas

integer

The number of pods that have labels matching the labels of the pod template of the replication controller.

observedGeneration

integer

ObservedGeneration reflects the generation of the most recently observed replication controller.

readyReplicas

integer

The number of ready replicas for this replication controller.

replicas

integer

Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller

ReplicationControllerList [v1/core]

The following table describes the parameters for ReplicationControllerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ReplicationController array

List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ReplicationControllerCondition [v1/core]

The following table describes the parameters for ReplicationControllerCondition object:

Field Type Description

lastTransitionTime

Time

The last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of replication controller condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ReplicationController

HTTP request

post /api/v1/namespaces/{namespace}/replicationcontrollers

Table 471. HTTP body
Object	Type
`body`	ReplicationController

Table 472. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 473. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 474. HTTP responses
Code	Type
200 - OK	ReplicationController
201 - Created	ReplicationController
202 - Accepted	ReplicationController

Patch

partially update the specified ReplicationController

HTTP request

patch /api/v1/namespaces/{namespace}/replicationcontrollers/{name}

Table 475. HTTP body
Object	Type
`body`	Patch

Table 476. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 477. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 478. HTTP responses
Code	Type
200 - OK	ReplicationController

Replace

replace the specified ReplicationController

HTTP request

put /api/v1/namespaces/{namespace}/replicationcontrollers/{name}

Table 479. HTTP body
Object	Type
`body`	ReplicationController

Table 480. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 481. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 482. HTTP responses
Code	Type
200 - OK	ReplicationController
201 - Created	ReplicationController

Delete

delete a ReplicationController

HTTP request

delete /api/v1/namespaces/{namespace}/replicationcontrollers/{name}

Table 483. HTTP body
Object	Type
`body`	DeleteOptions

Table 484. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 485. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 486. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ReplicationController

HTTP request

delete /api/v1/namespaces/{namespace}/replicationcontrollers

Table 487. HTTP body
Object	Type
`body`	DeleteOptions

Table 488. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 489. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 490. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ReplicationController

HTTP request

get /api/v1/namespaces/{namespace}/replicationcontrollers/{name}

Table 491. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 492. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 493. HTTP responses
Code	Type
200 - OK	ReplicationController

List

list or watch objects of kind ReplicationController

HTTP request

get /api/v1/namespaces/{namespace}/replicationcontrollers

Table 494. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 495. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 496. HTTP responses
Code	Type
200 - OK	ReplicationControllerList

List All Namespaces

list or watch objects of kind ReplicationController

HTTP request

get /api/v1/replicationcontrollers

Table 497. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 498. HTTP responses
Code	Type
200 - OK	ReplicationControllerList

Watch

watch changes to an object of kind ReplicationController. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/replicationcontrollers/{name}

Table 499. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 500. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 501. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ReplicationController. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/replicationcontrollers

Table 502. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 503. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 504. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ReplicationController. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/replicationcontrollers

Table 505. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 506. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified ReplicationController

HTTP request

patch /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status

Table 507. HTTP body
Object	Type
`body`	Patch

Table 508. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 509. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 510. HTTP responses
Code	Type
200 - OK	ReplicationController

Read Status

read status of the specified ReplicationController

HTTP request

get /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status

Table 511. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 512. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 513. HTTP responses
Code	Type
200 - OK	ReplicationController

Replace Status

replace status of the specified ReplicationController

HTTP request

put /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/status

Table 514. HTTP body
Object	Type
`body`	ReplicationController

Table 515. Path parameters
Parameter	Description
`name`	name of the ReplicationController
`namespace`	object name and auth scope, such as for teams and projects

Table 516. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 517. HTTP responses
Code	Type
200 - OK	ReplicationController
201 - Created	ReplicationController

Misc Operations

Read Scale

read scale of the specified ReplicationController

HTTP request

get /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale

Table 518. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 519. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 520. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified ReplicationController

HTTP request

put /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale

Table 521. HTTP body
Object	Type
`body`	Scale

Table 522. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 523. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 524. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified ReplicationController

HTTP request

patch /api/v1/namespaces/{namespace}/replicationcontrollers/{name}/scale

Table 525. HTTP body
Object	Type
`body`	Patch

Table 526. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 527. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 528. HTTP responses
Code	Type
200 - OK	Scale

ResourceQuota v1 core

Appears in

ResourceQuotaList [core/v1]

Definitions

ResourceQuota [v1/core]

The following table describes the parameters for the ResourceQuota object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

ResourceQuotaSpec

Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

ResourceQuotaStatus

Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ResourceQuotaSpec [v1/core]

The following table describes the parameters for ResourceQuotaSpec object:

Field Type Description

hard

object

hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/

scopeSelector

ScopeSelector

scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.

scopes

string array

A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.

ResourceQuotaStatus [v1/core]

The following table describes the parameters for ResourceQuotaStatus object:

Field Type Description

hard

object

Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/

used

object

Used is the current observed total usage of the resource in the namespace.

ResourceQuotaList [v1/core]

The following table describes the parameters for ResourceQuotaList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ResourceQuota array

Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ScopeSelector [v1/core]

The following table describes the parameters for ScopeSelector object:

Field Type Description

matchExpressions

ScopedResourceSelectorRequirement array

A list of scope selector requirements by scope of the resources.

ScopedResourceSelectorRequirement [v1/core]

The following table describes the parameters for ScopedResourceSelectorRequirement object:

Field Type Description

operator

string

Represents a scope’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.

scopeName

string

The name of the scope that the selector applies to.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ResourceQuota

HTTP request

post /api/v1/namespaces/{namespace}/resourcequotas

Table 529. HTTP body
Object	Type
`body`	ResourceQuota

Table 530. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 531. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 532. HTTP responses
Code	Type
200 - OK	ResourceQuota
201 - Created	ResourceQuota
202 - Accepted	ResourceQuota

Patch

partially update the specified ResourceQuota

HTTP request

patch /api/v1/namespaces/{namespace}/resourcequotas/{name}

Table 533. HTTP body
Object	Type
`body`	Patch

Table 534. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 535. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 536. HTTP responses
Code	Type
200 - OK	ResourceQuota

Replace

replace the specified ResourceQuota

HTTP request

put /api/v1/namespaces/{namespace}/resourcequotas/{name}

Table 537. HTTP body
Object	Type
`body`	ResourceQuota

Table 538. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 539. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 540. HTTP responses
Code	Type
200 - OK	ResourceQuota
201 - Created	ResourceQuota

Delete

delete a ResourceQuota

HTTP request

delete /api/v1/namespaces/{namespace}/resourcequotas/{name}

Table 541. HTTP body
Object	Type
`body`	DeleteOptions

Table 542. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 543. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 544. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ResourceQuota

HTTP request

delete /api/v1/namespaces/{namespace}/resourcequotas

Table 545. HTTP body
Object	Type
`body`	DeleteOptions

Table 546. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 547. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 548. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ResourceQuota

HTTP request

get /api/v1/namespaces/{namespace}/resourcequotas/{name}

Table 549. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 550. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 551. HTTP responses
Code	Type
200 - OK	ResourceQuota

List

list or watch objects of kind ResourceQuota

HTTP request

get /api/v1/namespaces/{namespace}/resourcequotas

Table 552. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 553. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 554. HTTP responses
Code	Type
200 - OK	ResourceQuotaList

List All Namespaces

list or watch objects of kind ResourceQuota

HTTP request

get /api/v1/resourcequotas

Table 555. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 556. HTTP responses
Code	Type
200 - OK	ResourceQuotaList

Watch

watch changes to an object of kind ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/resourcequotas/{name}

Table 557. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 558. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 559. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/resourcequotas

Table 560. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 561. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 562. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ResourceQuota. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/resourcequotas

Table 563. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 564. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified ResourceQuota

HTTP request

patch /api/v1/namespaces/{namespace}/resourcequotas/{name}/status

Table 565. HTTP body
Object	Type
`body`	Patch

Table 566. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 567. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 568. HTTP responses
Code	Type
200 - OK	ResourceQuota

Read Status

read status of the specified ResourceQuota

HTTP request

get /api/v1/namespaces/{namespace}/resourcequotas/{name}/status

Table 569. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 570. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 571. HTTP responses
Code	Type
200 - OK	ResourceQuota

Replace Status

replace status of the specified ResourceQuota

HTTP request

put /api/v1/namespaces/{namespace}/resourcequotas/{name}/status

Table 572. HTTP body
Object	Type
`body`	ResourceQuota

Table 573. Path parameters
Parameter	Description
`name`	name of the ResourceQuota
`namespace`	object name and auth scope, such as for teams and projects

Table 574. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 575. HTTP responses
Code	Type
200 - OK	ResourceQuota
201 - Created	ResourceQuota

Secret v1 core

Appears in

SecretList [core/v1]

Definitions

Secret [v1/core]

The following table describes the parameters for the Secret object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

data

object

Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

stringData

object

stringData allows specifying non-binary secret data in string form. It is provided as a write-only convenience method. All keys and values are merged into the data field on write, overwriting any existing values. It is never output when reading from the API.

type

string

Used to facilitate programmatic handling of secret data.

SecretList [v1/core]

The following table describes the parameters for SecretList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Secret array

Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Secret

HTTP request

post /api/v1/namespaces/{namespace}/secrets

Table 576. HTTP body
Object	Type
`body`	Secret

Table 577. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 578. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 579. HTTP responses
Code	Type
200 - OK	Secret
201 - Created	Secret
202 - Accepted	Secret

Patch

partially update the specified Secret

HTTP request

patch /api/v1/namespaces/{namespace}/secrets/{name}

Table 580. HTTP body
Object	Type
`body`	Patch

Table 581. Path parameters
Parameter	Description
`name`	name of the Secret
`namespace`	object name and auth scope, such as for teams and projects

Table 582. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 583. HTTP responses
Code	Type
200 - OK	Secret

Replace

replace the specified Secret

HTTP request

put /api/v1/namespaces/{namespace}/secrets/{name}

Table 584. HTTP body
Object	Type
`body`	Secret

Table 585. Path parameters
Parameter	Description
`name`	name of the Secret
`namespace`	object name and auth scope, such as for teams and projects

Table 586. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 587. HTTP responses
Code	Type
200 - OK	Secret
201 - Created	Secret

Delete

delete a Secret

HTTP request

delete /api/v1/namespaces/{namespace}/secrets/{name}

Table 588. HTTP body
Object	Type
`body`	DeleteOptions

Table 589. Path parameters
Parameter	Description
`name`	name of the Secret
`namespace`	object name and auth scope, such as for teams and projects

Table 590. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 591. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Secret

HTTP request

delete /api/v1/namespaces/{namespace}/secrets

Table 592. HTTP body
Object	Type
`body`	DeleteOptions

Table 593. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 594. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 595. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Secret

HTTP request

get /api/v1/namespaces/{namespace}/secrets/{name}

Table 596. Path parameters
Parameter	Description
`name`	name of the Secret
`namespace`	object name and auth scope, such as for teams and projects

Table 597. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 598. HTTP responses
Code	Type
200 - OK	Secret

List

list or watch objects of kind Secret

HTTP request

get /api/v1/namespaces/{namespace}/secrets

Table 599. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 600. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 601. HTTP responses
Code	Type
200 - OK	SecretList

List All Namespaces

list or watch objects of kind Secret

HTTP request

get /api/v1/secrets

Table 602. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 603. HTTP responses
Code	Type
200 - OK	SecretList

Watch

watch changes to an object of kind Secret. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/secrets/{name}

Table 604. Path parameters
Parameter	Description
`name`	name of the Secret
`namespace`	object name and auth scope, such as for teams and projects

Table 605. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 606. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Secret. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/secrets

Table 607. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 608. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 609. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Secret. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/secrets

Table 610. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 611. HTTP responses
Code	Type
200 - OK	WatchEvent

Service v1 core

Appears in

ServiceList [core/v1]

Definitions

Service [v1/core]

The following table describes the parameters for the Service object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

ServiceSpec

Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

ServiceStatus

Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ServiceSpec [v1/core]

The following table describes the parameters for ServiceSpec object:

Field Type Description

clusterIP

string

clusterIP is the IP address of the service and is usually assigned randomly by the master. If an address is specified manually and is not in use by others, it will be allocated to the service; otherwise, creation of the service will fail. This field can not be changed through updates. Valid values are "None", empty string (""), or a valid IP address. "None" can be specified for headless services when proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

externalIPs

string array

externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.

externalName

string

externalName is the external reference that kubedns or equivalent will return as a CNAME record for this service. No proxying will be involved. Must be a valid RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires Type to be ExternalName.

externalTrafficPolicy

string

externalTrafficPolicy denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints. "Local" preserves the client source IP and avoids a second hop for LoadBalancer and Nodeport type services, but risks potentially imbalanced traffic spreading. "Cluster" obscures the client source IP and may cause a second hop to another node, but should have good overall load-spreading.

healthCheckNodePort

integer

healthCheckNodePort specifies the healthcheck nodePort for the service. If not specified, HealthCheckNodePort is created by the service api backend with the allocated nodePort. Will use user-specified nodePort value if specified by the client. Only effects when Type is set to LoadBalancer and ExternalTrafficPolicy is set to Local.

ipFamily

string

ipFamily specifies whether this Service has a preference for a particular IP family (e.g. IPv4 vs. IPv6). If a specific IP family is requested, the clusterIP field will be allocated from that family, if it is available in the cluster. If no IP family is requested, the cluster’s primary IP family will be used. Other IP fields (loadBalancerIP, loadBalancerSourceRanges, externalIPs) and controllers which allocate external load-balancers should use the same IP family. Endpoints for this Service will be of this family. This field is immutable after creation. Assigning a ServiceIPFamily not available in the cluster (e.g. IPv6 in IPv4 only cluster) is an error condition and will fail during clusterIP assignment.

loadBalancerIP

string

Only applies to Service Type: LoadBalancer LoadBalancer will get created with the IP specified in this field. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature.

loadBalancerSourceRanges

string array

If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/

ports

ServicePort array

The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

publishNotReadyAddresses

boolean

publishNotReadyAddresses, when set to true, indicates that DNS implementations must publish the notReadyAddresses of subsets for the Endpoints associated with the Service. The default value is false. The primary use case for setting this field is to use a StatefulSet’s Headless Service to propagate SRV records for its Pods without respect to their readiness for purpose of peer discovery.

selector

object

Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/

sessionAffinity

string

Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies

sessionAffinityConfig

SessionAffinityConfig

sessionAffinityConfig contains the configurations of session affinity.

type

string

type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ExternalName" maps to the specified externalName. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a stable IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the clusterIP. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

ServiceStatus [v1/core]

The following table describes the parameters for ServiceStatus object:

Field Type Description

loadBalancer

LoadBalancerStatus

LoadBalancer contains the current status of the load-balancer, if one is present.

ServiceList [v1/core]

The following table describes the parameters for ServiceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Service array

List of services

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

LoadBalancerStatus [v1/core]

The following table describes the parameters for LoadBalancerStatus object:

Field Type Description

ingress

LoadBalancerIngress array

Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.

LoadBalancerIngress [v1/core]

The following table describes the parameters for LoadBalancerIngress object:

Field Type Description

hostname

string

Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)

ip

string

IP is set for load-balancer ingress points that are IP based (typically GCE or RHOSP load-balancers)

SessionAffinityConfig [v1/core]

The following table describes the parameters for SessionAffinityConfig object:

Field Type Description

clientIP

ClientIPConfig

clientIP contains the configurations of Client IP based session affinity.

ClientIPConfig [v1/core]

The following table describes the parameters for ClientIPConfig object:

Field Type Description

timeoutSeconds

integer

timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && ⇐86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).

ServicePort [v1/core]

The following table describes the parameters for ServicePort object:

Field Type Description

name

string

The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.

nodePort

integer

The port on each node on which this service is exposed when type=NodePort or LoadBalancer. Usually assigned by the system. If specified, it will be allocated to the service if unused or else creation of the service will fail. Default is to auto-allocate a port if the ServiceType of this Service requires one. More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport

port

integer

The port that will be exposed by this service.

protocol

string

The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.

targetPort

Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod’s container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Service

HTTP request

post /api/v1/namespaces/{namespace}/services

Table 612. HTTP body
Object	Type
`body`	Service

Table 613. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 614. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 615. HTTP responses
Code	Type
200 - OK	Service
201 - Created	Service
202 - Accepted	Service

Patch

partially update the specified Service

HTTP request

patch /api/v1/namespaces/{namespace}/services/{name}

Table 616. HTTP body
Object	Type
`body`	Patch

Table 617. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 618. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 619. HTTP responses
Code	Type
200 - OK	Service

Replace

replace the specified Service

HTTP request

put /api/v1/namespaces/{namespace}/services/{name}

Table 620. HTTP body
Object	Type
`body`	Service

Table 621. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 622. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 623. HTTP responses
Code	Type
200 - OK	Service
201 - Created	Service

Delete

delete a Service

HTTP request

delete /api/v1/namespaces/{namespace}/services/{name}

Table 624. HTTP body
Object	Type
`body`	DeleteOptions

Table 625. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 626. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 627. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Read Operations

Read

read the specified Service

HTTP request

get /api/v1/namespaces/{namespace}/services/{name}

Table 628. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 629. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 630. HTTP responses
Code	Type
200 - OK	Service

List

list or watch objects of kind Service

HTTP request

get /api/v1/namespaces/{namespace}/services

Table 631. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 632. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 633. HTTP responses
Code	Type
200 - OK	ServiceList

List All Namespaces

list or watch objects of kind Service

HTTP request

get /api/v1/services

Table 634. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 635. HTTP responses
Code	Type
200 - OK	ServiceList

Watch

watch changes to an object of kind Service. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/services/{name}

Table 636. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 637. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 638. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Service. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/services

Table 639. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 640. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 641. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Service. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/services

Table 642. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 643. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Service

HTTP request

patch /api/v1/namespaces/{namespace}/services/{name}/status

Table 644. HTTP body
Object	Type
`body`	Patch

Table 645. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 646. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 647. HTTP responses
Code	Type
200 - OK	Service

Read Status

read status of the specified Service

HTTP request

get /api/v1/namespaces/{namespace}/services/{name}/status

Table 648. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 649. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 650. HTTP responses
Code	Type
200 - OK	Service

Replace Status

replace status of the specified Service

HTTP request

put /api/v1/namespaces/{namespace}/services/{name}/status

Table 651. HTTP body
Object	Type
`body`	Service

Table 652. Path parameters
Parameter	Description
`name`	name of the Service
`namespace`	object name and auth scope, such as for teams and projects

Table 653. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 654. HTTP responses
Code	Type
200 - OK	Service
201 - Created	Service

Proxy Operations

Create Connect Proxy

connect POST requests to proxy of Service

HTTP request

post /api/v1/namespaces/{namespace}/services/{name}/proxy

Table 655. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 656. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 657. HTTP responses
Code	Type
200 - OK	string

Create Connect Proxy Path

connect POST requests to proxy of Service

HTTP request

post /api/v1/namespaces/{namespace}/services/{name}/proxy/{path}

Table 658. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 659. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 660. HTTP responses
Code	Type
200 - OK	string

Create Proxy

connect DELETE requests to proxy of Service

HTTP request

delete /api/v1/namespaces/{namespace}/services/{name}/proxy

Table 661. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 662. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 663. HTTP responses
Code	Type
200 - OK	string

Delete Connect Proxy Path

connect DELETE requests to proxy of Service

HTTP request

delete /api/v1/namespaces/{namespace}/services/{name}/proxy/{path}

Table 664. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 665. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 666. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy

connect GET requests to proxy of Service

HTTP request

get /api/v1/namespaces/{namespace}/services/{name}/proxy

Table 667. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 668. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 669. HTTP responses
Code	Type
200 - OK	string

Get Connect Proxy Path

connect GET requests to proxy of Service

HTTP request

get /api/v1/namespaces/{namespace}/services/{name}/proxy/{path}

Table 670. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 671. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 672. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy

connect HEAD requests to proxy of Service

HTTP request

head /api/v1/namespaces/{namespace}/services/{name}/proxy

Table 673. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 674. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 675. HTTP responses
Code	Type
200 - OK	string

Head Connect Proxy Path

connect HEAD requests to proxy of Service

HTTP request

head /api/v1/namespaces/{namespace}/services/{name}/proxy/{path}

Table 676. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 677. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 678. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy

connect PUT requests to proxy of Service

HTTP request

put /api/v1/namespaces/{namespace}/services/{name}/proxy

Table 679. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects

Table 680. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 681. HTTP responses
Code	Type
200 - OK	string

Replace Connect Proxy Path

connect PUT requests to proxy of Service

HTTP request

put /api/v1/namespaces/{namespace}/services/{name}/proxy/{path}

Table 682. Path parameters
Parameter	Description
`name`	name of the ServiceProxyOptions
`namespace`	object name and auth scope, such as for teams and projects
`path`	path to the resource

Table 683. Query parameters
Parameter	Description
`path`	Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.

Table 684. HTTP responses
Code	Type
200 - OK	string

ServiceAccount v1 core

Appears in

ServiceAccountList [core/v1]

Definitions

ServiceAccount [v1/core]

The following table describes the parameters for the ServiceAccount object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

secrets

ObjectReference array

Secrets is the list of secrets allowed to be used by pods running using this ServiceAccount. More info: https://kubernetes.io/docs/concepts/configuration/secret

ServiceAccountList [v1/core]

The following table describes the parameters for ServiceAccountList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ServiceAccount array

List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Operations

Write Operations

Create

create a ServiceAccount

HTTP request

post /api/v1/namespaces/{namespace}/serviceaccounts

Table 685. HTTP body
Object	Type
`body`	ServiceAccount

Table 686. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 687. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 688. HTTP responses
Code	Type
200 - OK	ServiceAccount
201 - Created	ServiceAccount
202 - Accepted	ServiceAccount

Patch

partially update the specified ServiceAccount

HTTP request

patch /api/v1/namespaces/{namespace}/serviceaccounts/{name}

Table 689. HTTP body
Object	Type
`body`	Patch

Table 690. Path parameters
Parameter	Description
`name`	name of the ServiceAccount
`namespace`	object name and auth scope, such as for teams and projects

Table 691. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 692. HTTP responses
Code	Type
200 - OK	ServiceAccount

Replace

replace the specified ServiceAccount

HTTP request

put /api/v1/namespaces/{namespace}/serviceaccounts/{name}

Table 693. HTTP body
Object	Type
`body`	ServiceAccount

Table 694. Path parameters
Parameter	Description
`name`	name of the ServiceAccount
`namespace`	object name and auth scope, such as for teams and projects

Table 695. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 696. HTTP responses
Code	Type
200 - OK	ServiceAccount
201 - Created	ServiceAccount

Delete

delete a ServiceAccount

HTTP request

delete /api/v1/namespaces/{namespace}/serviceaccounts/{name}

Table 697. HTTP body
Object	Type
`body`	DeleteOptions

Table 698. Path parameters
Parameter	Description
`name`	name of the ServiceAccount
`namespace`	object name and auth scope, such as for teams and projects

Table 699. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 700. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ServiceAccount

HTTP request

delete /api/v1/namespaces/{namespace}/serviceaccounts

Table 701. HTTP body
Object	Type
`body`	DeleteOptions

Table 702. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 703. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 704. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ServiceAccount

HTTP request

get /api/v1/namespaces/{namespace}/serviceaccounts/{name}

Table 705. Path parameters
Parameter	Description
`name`	name of the ServiceAccount
`namespace`	object name and auth scope, such as for teams and projects

Table 706. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 707. HTTP responses
Code	Type
200 - OK	ServiceAccount

List

list or watch objects of kind ServiceAccount

HTTP request

get /api/v1/namespaces/{namespace}/serviceaccounts

Table 708. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 709. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 710. HTTP responses
Code	Type
200 - OK	ServiceAccountList

List All Namespaces

list or watch objects of kind ServiceAccount

HTTP request

get /api/v1/serviceaccounts

Table 711. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 712. HTTP responses
Code	Type
200 - OK	ServiceAccountList

Watch

watch changes to an object of kind ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /api/v1/watch/namespaces/{namespace}/serviceaccounts/{name}

Table 713. Path parameters
Parameter	Description
`name`	name of the ServiceAccount
`namespace`	object name and auth scope, such as for teams and projects

Table 714. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 715. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/namespaces/{namespace}/serviceaccounts

Table 716. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 717. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 718. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ServiceAccount. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /api/v1/watch/serviceaccounts

Table 719. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 720. HTTP responses
Code	Type
200 - OK	WatchEvent

MutatingWebhookConfiguration v1 admissionregistration

Appears in

MutatingWebhookConfigurationList [admissionregistration/v1]

Definitions

MutatingWebhookConfiguration [v1/admissionregistration]

The following table describes the parameters for the MutatingWebhookConfiguration object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

webhooks

MutatingWebhook array

Webhooks is a list of webhooks and the affected resources and operations.

MutatingWebhookConfigurationList [v1/admissionregistration]

The following table describes the parameters for MutatingWebhookConfigurationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MutatingWebhookConfiguration array

List of MutatingWebhookConfiguration.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

MutatingWebhook [v1/admissionregistration]

The following table describes the parameters for MutatingWebhook object:

Field Type Description

admissionReviewVersions

string array

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

clientConfig

WebhookClientConfig

ClientConfig defines how to communicate with the hook. Required

failurePolicy

string

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

matchPolicy

string

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"], a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"], a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

name

string

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

namespaceSelector

LabelSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] }

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] }

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

objectSelector

LabelSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

reinvocationPolicy

string

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option must be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

rules

RuleWithOperations array

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

sideEffects

string

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

timeoutSeconds

integer

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

RuleWithOperations [v1/admissionregistration]

The following table describes the parameters for RuleWithOperations object:

Field Type Description

apiGroups

string array

APIGroups is the API groups the resources belong to. '' is all groups. If '' is present, the length of the slice must be one. Required.

apiVersions

string array

APIVersions is the API versions the resources belong to. '' is all versions. If '' is present, the length of the slice must be one. Required.

operations

string array

Operations is the operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '*' is present, the length of the slice must be one. Required.

resources

string array

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '' means all resources, but not subresources. 'pods/' means all subresources of pods. '/scale' means all scale subresources. '/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

scope

string

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

WebhookClientConfig [v1/admissionregistration]

The following table describes the parameters for WebhookClientConfig object:

Field Type Description

caBundle

string

caBundle is a PEM encoded CA bundle which will be used to validate the webhook’s server certificate. If unspecified, system trust roots on the apiserver are used.

service

ServiceReference

service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

url

string

url gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

The host should not refer to a service running in the cluster; use the service field instead. The host might be resolved via external DNS in some apiservers (e.g., kube-apiserver cannot resolve in-cluster DNS as that would be a layering violation). host may also be an IP address.

Please note that using localhost or 127.0.0.1 as a host is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#…") and query parameters ("?…") are not allowed, either.

ServiceReference [v1/admissionregistration]

The following table describes the parameters for ServiceReference object:

Field Type Description

name

string

name is the name of the service. Required

namespace

string

namespace is the namespace of the service. Required

path

string

path is an optional URL path which will be sent in any request to this service.

port

integer

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a MutatingWebhookConfiguration

HTTP request

post /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations

Table 721. HTTP body
Object	Type
`body`	MutatingWebhookConfiguration

Table 722. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 723. HTTP responses
Code	Type
200 - OK	MutatingWebhookConfiguration
201 - Created	MutatingWebhookConfiguration
202 - Accepted	MutatingWebhookConfiguration

Patch

partially update the specified MutatingWebhookConfiguration

HTTP request

patch /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}

Table 724. HTTP body
Object	Type
`body`	Patch

Table 725. Path parameters
Parameter	Description
`name`	name of the MutatingWebhookConfiguration

Table 726. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 727. HTTP responses
Code	Type
200 - OK	MutatingWebhookConfiguration

Replace

replace the specified MutatingWebhookConfiguration

HTTP request

put /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}

Table 728. HTTP body
Object	Type
`body`	MutatingWebhookConfiguration

Table 729. Path parameters
Parameter	Description
`name`	name of the MutatingWebhookConfiguration

Table 730. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 731. HTTP responses
Code	Type
200 - OK	MutatingWebhookConfiguration
201 - Created	MutatingWebhookConfiguration

Delete

delete a MutatingWebhookConfiguration

HTTP request

delete /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}

Table 732. HTTP body
Object	Type
`body`	DeleteOptions

Table 733. Path parameters
Parameter	Description
`name`	name of the MutatingWebhookConfiguration

Table 734. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 735. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of MutatingWebhookConfiguration

HTTP request

delete /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations

Table 736. HTTP body
Object	Type
`body`	DeleteOptions

Table 737. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 738. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified MutatingWebhookConfiguration

HTTP request

get /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations/{name}

Table 739. Path parameters
Parameter	Description
`name`	name of the MutatingWebhookConfiguration

Table 740. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 741. HTTP responses
Code	Type
200 - OK	MutatingWebhookConfiguration

List

list or watch objects of kind MutatingWebhookConfiguration

HTTP request

get /apis/admissionregistration.k8s.io/v1/mutatingwebhookconfigurations

Table 742. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 743. HTTP responses
Code	Type
200 - OK	MutatingWebhookConfigurationList

Watch

watch changes to an object of kind MutatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations/{name}

Table 744. Path parameters
Parameter	Description
`name`	name of the MutatingWebhookConfiguration

Table 745. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 746. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of MutatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/admissionregistration.k8s.io/v1/watch/mutatingwebhookconfigurations

Table 747. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 748. HTTP responses
Code	Type
200 - OK	WatchEvent

ValidatingWebhookConfiguration v1 admissionregistration

Appears in

ValidatingWebhookConfigurationList [admissionregistration/v1]

Definitions

ValidatingWebhookConfiguration [v1/admissionregistration]

The following table describes the parameters for the ValidatingWebhookConfiguration object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

webhooks

ValidatingWebhook array

Webhooks is a list of webhooks and the affected resources and operations.

ValidatingWebhookConfigurationList [v1/admissionregistration]

The following table describes the parameters for ValidatingWebhookConfigurationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ValidatingWebhookConfiguration array

List of ValidatingWebhookConfiguration.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ValidatingWebhook [v1/admissionregistration]

The following table describes the parameters for ValidatingWebhook object:

Field Type Description

admissionReviewVersions

string array

AdmissionReviewVersions is an ordered list of preferred AdmissionReview versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

clientConfig

WebhookClientConfig

ClientConfig defines how to communicate with the hook. Required

failurePolicy

string

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

matchPolicy

string

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"], a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"], a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

name

string

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

namespaceSelector

LabelSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "runlevel", "operator": "NotIn", "values": [ "0", "1" ] } ] }

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": { "matchExpressions": [ { "key": "environment", "operator": "In", "values": [ "prod", "staging" ] } ] }

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

objectSelector

LabelSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

rules

RuleWithOperations array

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches any Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

sideEffects

string

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission change and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

timeoutSeconds

integer

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

RuleWithOperations [v1/admissionregistration]

The following table describes the parameters for RuleWithOperations object:

Field Type Description

apiGroups

string array

APIGroups is the API groups the resources belong to. '' is all groups. If '' is present, the length of the slice must be one. Required.

apiVersions

string array

APIVersions is the API versions the resources belong to. '' is all versions. If '' is present, the length of the slice must be one. Required.

operations

string array

Operations is the operations the admission hook cares about - CREATE, UPDATE, or * for all operations. If '*' is present, the length of the slice must be one. Required.

resources

string array

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '' means all resources, but not subresources. 'pods/' means all subresources of pods. '/scale' means all scale subresources. '/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

scope

string

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

WebhookClientConfig [v1/admissionregistration]

The following table describes the parameters for WebhookClientConfig object:

Field Type Description

caBundle

string

caBundle is a PEM encoded CA bundle which will be used to validate the webhook’s server certificate. If unspecified, system trust roots on the apiserver are used.

service

ServiceReference

service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

url

string

url gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

The host should not refer to a service running in the cluster; use the service field instead. The host might be resolved via external DNS in some apiservers (e.g., kube-apiserver cannot resolve in-cluster DNS as that would be a layering violation). host may also be an IP address.

Please note that using localhost or 127.0.0.1 as a host is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#…") and query parameters ("?…") are not allowed, either.

ServiceReference [v1/admissionregistration]

The following table describes the parameters for ServiceReference object:

Field Type Description

name

string

name is the name of the service. Required

namespace

string

namespace is the namespace of the service. Required

path

string

path is an optional URL path which will be sent in any request to this service.

port

integer

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ValidatingWebhookConfiguration

HTTP request

post /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations

Table 749. HTTP body
Object	Type
`body`	ValidatingWebhookConfiguration

Table 750. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 751. HTTP responses
Code	Type
200 - OK	ValidatingWebhookConfiguration
201 - Created	ValidatingWebhookConfiguration
202 - Accepted	ValidatingWebhookConfiguration

Patch

partially update the specified ValidatingWebhookConfiguration

HTTP request

patch /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}

Table 752. HTTP body
Object	Type
`body`	Patch

Table 753. Path parameters
Parameter	Description
`name`	name of the ValidatingWebhookConfiguration

Table 754. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 755. HTTP responses
Code	Type
200 - OK	ValidatingWebhookConfiguration

Replace

replace the specified ValidatingWebhookConfiguration

HTTP request

put /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}

Table 756. HTTP body
Object	Type
`body`	ValidatingWebhookConfiguration

Table 757. Path parameters
Parameter	Description
`name`	name of the ValidatingWebhookConfiguration

Table 758. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 759. HTTP responses
Code	Type
200 - OK	ValidatingWebhookConfiguration
201 - Created	ValidatingWebhookConfiguration

Delete

delete a ValidatingWebhookConfiguration

HTTP request

delete /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}

Table 760. HTTP body
Object	Type
`body`	DeleteOptions

Table 761. Path parameters
Parameter	Description
`name`	name of the ValidatingWebhookConfiguration

Table 762. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 763. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ValidatingWebhookConfiguration

HTTP request

delete /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations

Table 764. HTTP body
Object	Type
`body`	DeleteOptions

Table 765. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 766. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ValidatingWebhookConfiguration

HTTP request

get /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations/{name}

Table 767. Path parameters
Parameter	Description
`name`	name of the ValidatingWebhookConfiguration

Table 768. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 769. HTTP responses
Code	Type
200 - OK	ValidatingWebhookConfiguration

List

list or watch objects of kind ValidatingWebhookConfiguration

HTTP request

get /apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations

Table 770. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 771. HTTP responses
Code	Type
200 - OK	ValidatingWebhookConfigurationList

Watch

watch changes to an object of kind ValidatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations/{name}

Table 772. Path parameters
Parameter	Description
`name`	name of the ValidatingWebhookConfiguration

Table 773. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 774. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ValidatingWebhookConfiguration. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/admissionregistration.k8s.io/v1/watch/validatingwebhookconfigurations

Table 775. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 776. HTTP responses
Code	Type
200 - OK	WatchEvent

CustomResourceDefinition v1 apiextensions

Appears in

CustomResourceDefinitionList [apiextensions/v1]

Definitions

CustomResourceDefinition [v1/apiextensions]

The following table describes the parameters for the CustomResourceDefinition object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

CustomResourceDefinitionSpec

spec describes how the user wants the resources to appear

status

CustomResourceDefinitionStatus

status indicates the actual state of the CustomResourceDefinition

CustomResourceDefinitionSpec [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionSpec object:

Field Type Description

conversion

CustomResourceConversion

conversion defines conversion settings for the CRD.

group

string

group is the API group of the defined custom resource. The custom resources are served under /apis/<group>/…. Must match the name of the CustomResourceDefinition (in the form <names.plural>.<group>).

names

CustomResourceDefinitionNames

names specify the resource and kind names for the custom resource.

preserveUnknownFields

boolean

preserveUnknownFields indicates that object fields which are not specified in the OpenAPI schema should be preserved when persisting to storage. apiVersion, kind, metadata and known fields inside metadata are always preserved. This field is deprecated in favor of setting x-preserve-unknown-fields to true in spec.versions[*].schema.openAPIV3Schema. See https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#pruning-versus-preserving-unknown-fields for details.

scope

string

scope indicates whether the defined custom resource is cluster- or namespace-scoped. Allowed values are Cluster and Namespaced. Default is Namespaced.

versions

CustomResourceDefinitionVersion array

versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.

CustomResourceDefinitionStatus [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionStatus object:

Field Type Description

acceptedNames

CustomResourceDefinitionNames

acceptedNames are the names that are actually being used to serve discovery. They may be different than the names in spec.

conditions

CustomResourceDefinitionCondition array

conditions indicate state for particular aspects of a CustomResourceDefinition

storedVersions

string array

storedVersions lists all versions of CustomResources that were ever persisted. Tracking these versions allows a migration path for stored versions in etcd. The field is mutable so a migration controller can finish a migration to another version (ensuring no old objects are left in storage), and then remove the rest of the versions from this list. Versions may not be removed from spec.versions while they exist in this list.

CustomResourceDefinitionList [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CustomResourceDefinition array

items list individual CustomResourceDefinition objects

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

CustomResourceDefinitionCondition [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionCondition object:

Field Type Description

lastTransitionTime

Time

lastTransitionTime last time the condition transitioned from one status to another.

message

string

message is a human-readable message indicating details about last transition.

reason

string

reason is a unique, one-word, CamelCase reason for the condition’s last transition.

status

string

status is the status of the condition. Can be True, False, Unknown.

type

string

type is the type of the condition. Types include Established, NamesAccepted and Terminating.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

CustomResourceDefinitionNames [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionNames object:

Field Type Description

categories

string array

categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like kubectl get all.

kind

string

kind is the serialized kind of the resource. It is normally CamelCase and singular. Custom resource instances will use this value as the kind attribute in API calls.

listKind

string

listKind is the serialized kind of the list for this resource. Defaults to "`kind`List".

plural

string

plural is the plural name of the resource to serve. The custom resources are served under /apis/<group>/<version>/…/<plural>. Must match the name of the CustomResourceDefinition (in the form <names.plural>.<group>). Must be all lowercase.

shortNames

string array

shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like kubectl get <shortname>. It must be all lowercase.

singular

string

singular is the singular name of the resource. It must be all lowercase. Defaults to lowercased kind.

CustomResourceDefinitionVersion [v1/apiextensions]

The following table describes the parameters for CustomResourceDefinitionVersion object:

Field Type Description

additionalPrinterColumns

CustomResourceColumnDefinition array

additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.

name

string

name is the version name, e.g. “v1”, “v2beta1”, etc. The custom resources are served under this version at /apis/<group>/<version>/… if served is true.

schema

CustomResourceValidation

schema describes the schema used for validation, pruning, and defaulting of this version of the custom resource.

served

boolean

served is a flag enabling/disabling this version from being served via REST APIs

storage

boolean

storage indicates this version should be used when persisting custom resources to storage. There must be exactly one version with storage=true.

subresources

CustomResourceSubresources

subresources specify what subresources this version of the defined custom resource have.

CustomResourceSubresources [v1/apiextensions]

The following table describes the parameters for CustomResourceSubresources object:

Field Type Description

scale

CustomResourceSubresourceScale

scale indicates the custom resource should serve a /scale subresource that returns an autoscaling/v1 Scale object.

status

CustomResourceSubresourceStatus

status indicates the custom resource should serve a /status subresource. When enabled: 1. requests to the custom resource primary endpoint ignore changes to the status stanza of the object. 2. requests to the custom resource /status subresource ignore changes to anything other than the status stanza of the object.

CustomResourceSubresourceStatus [v1/apiextensions]

The following table describes the parameters for CustomResourceSubresourceStatus object:

Field

Type

Description

CustomResourceSubresourceScale [v1/apiextensions]

The following table describes the parameters for CustomResourceSubresourceScale object:

Field Type Description

labelSelectorPath

string

labelSelectorPath defines the JSON path inside of a custom resource that corresponds to Scale status.selector. Only JSON paths without the array notation are allowed. Must be a JSON Path under .status or .spec. Must be set to work with HorizontalPodAutoscaler. The field pointed by this JSON path must be a string field (not a complex selector struct) which contains a serialized label selector in string form. More info: https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions#scale-subresource If there is no value under the given path in the custom resource, the status.selector value in the /scale subresource will default to the empty string.

specReplicasPath

string

specReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale spec.replicas. Only JSON paths without the array notation are allowed. Must be a JSON Path under .spec. If there is no value under the given path in the custom resource, the /scale subresource will return an error on GET.

statusReplicasPath

string

statusReplicasPath defines the JSON path inside of a custom resource that corresponds to Scale status.replicas. Only JSON paths without the array notation are allowed. Must be a JSON Path under .status. If there is no value under the given path in the custom resource, the status.replicas value in the /scale subresource will default to 0.

CustomResourceValidation [v1/apiextensions]

The following table describes the parameters for CustomResourceValidation object:

Field Type Description

openAPIV3Schema

JSONSchemaProps

openAPIV3Schema is the OpenAPI v3 schema to use for validation and pruning.

JSONSchemaProps [v1/apiextensions]

The following table describes the parameters for JSONSchemaProps object:

Field Type Description

$ref

string

$schema

string

additionalItems

JSONSchemaPropsOrBool

additionalProperties

JSONSchemaPropsOrBool

allOf

JSONSchemaProps array

anyOf

JSONSchemaProps array

default

JSON

default is a default value for undefined object fields. Defaulting is a beta feature under the CustomResourceDefaulting feature gate. Defaulting requires spec.preserveUnknownFields to be false.

definitions

object

dependencies

object

description

string

enum

JSON array

example

JSON

exclusiveMaximum

boolean

exclusiveMinimum

boolean

externalDocs

ExternalDocumentation

format

string

id

string

items

JSONSchemaPropsOrArray

maxItems

integer

maxLength

integer

maxProperties

integer

maximum

number

minItems

integer

minLength

integer

minProperties

integer

minimum

number

multipleOf

number

not

JSONSchemaProps

nullable

boolean

oneOf

JSONSchemaProps array

pattern

string

patternProperties

object

properties

object

required

string array

title

string

type

string

uniqueItems

boolean

x-kubernetes-embedded-resource

boolean

x-kubernetes-embedded-resource defines that the value is an embedded Kubernetes runtime.Object, with TypeMeta and ObjectMeta. The type must be object. It is allowed to further restrict the embedded object. kind, apiVersion and metadata are validated automatically. x-kubernetes-preserve-unknown-fields is allowed to be true, but does not have to be if the object is fully specified (up to kind, apiVersion, metadata).

x-kubernetes-int-or-string

boolean

x-kubernetes-int-or-string specifies that this value is either an integer or a string. If this is true, an empty type is allowed and type as child of anyOf is permitted if following one of the following patterns:

1) anyOf: - type: integer - type: string 2) allOf: - anyOf: - type: integer - type: string - … zero or more

x-kubernetes-list-map-keys

string array

x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type map by specifying the keys used as the index of the map.

This tag MUST only be used on lists that have the "x-kubernetes-list-type" extension set to "map". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported).

x-kubernetes-list-type

string

x-kubernetes-list-type annotates an array to further describe its topology. This extension must only be used on lists and may have 3 possible values:

1) atomic: the list is treated as a single entity, like a scalar. Atomic lists will be entirely replaced when updated. This extension may be used on any type of list (struct, scalar, …). 2) set: Sets are lists that must not have multiple items with the same value. Each value must be a scalar (or another atomic type). 3) map: These lists are like maps in that their elements have a non-index key used to identify them. Order is preserved upon merge. The map tag must only be used on a list with elements of type object. Defaults to atomic for arrays.

x-kubernetes-preserve-unknown-fields

boolean

x-kubernetes-preserve-unknown-fields stops the API server decoding step from pruning fields which are not specified in the validation schema. This affects fields recursively, but switches back to normal pruning behaviour if nested properties or additionalProperties are specified in the schema. This can either be true or undefined. False is forbidden.

JSONSchemaPropsOrArray [v1/apiextensions]

The following table describes the parameters for JSONSchemaPropsOrArray object:

Field

Type

Description

ExternalDocumentation [v1/apiextensions]

The following table describes the parameters for ExternalDocumentation object:

Field Type Description

description

string

url

string

JSON [v1/apiextensions]

The following table describes the parameters for JSON object:

Field

Type

Description

JSONSchemaPropsOrBool [v1/apiextensions]

The following table describes the parameters for JSONSchemaPropsOrBool object:

Field

Type

Description

CustomResourceColumnDefinition [v1/apiextensions]

The following table describes the parameters for CustomResourceColumnDefinition object:

Field Type Description

description

string

description is a human readable description of this column.

format

string

format is an optional OpenAPI type definition for this column. The 'name' format is applied to the primary identifier column to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.

jsonPath

string

jsonPath is a simple JSON path (i.e. with array notation) which is evaluated against each custom resource to produce the value for this column.

name

string

name is a human readable name for the column.

priority

integer

priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a priority greater than 0.

type

string

type is an OpenAPI type definition for this column. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for details.

CustomResourceConversion [v1/apiextensions]

The following table describes the parameters for CustomResourceConversion object:

Field Type Description

strategy

string

strategy specifies how custom resources are converted between versions. Allowed values are: - None: The converter only change the apiVersion and would not touch any other field in the custom resource. - Webhook: API Server will call to an external webhook to do the conversion. Additional information is needed for this option. This requires spec.preserveUnknownFields to be false, and spec.conversion.webhook to be set.

webhook

WebhookConversion

webhook describes how to call the conversion webhook. Required when strategy is set to Webhook.

WebhookConversion [v1/apiextensions]

The following table describes the parameters for WebhookConversion object:

Field Type Description

clientConfig

WebhookClientConfig

clientConfig is the instructions for how to call the webhook if strategy is Webhook.

conversionReviewVersions

string array

conversionReviewVersions is an ordered list of preferred ConversionReview versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail.

WebhookClientConfig [v1/apiextensions]

The following table describes the parameters for WebhookClientConfig object:

Field Type Description

caBundle

string

caBundle is a PEM encoded CA bundle which will be used to validate the webhook’s server certificate. If unspecified, system trust roots on the apiserver are used.

service

ServiceReference

service is a reference to the service for this webhook. Either service or url must be specified.

If the webhook is running within the cluster, then you should use service.

url

string

url gives the location of the webhook, in standard URL form (scheme://host:port/path). Exactly one of url or service must be specified.

The host should not refer to a service running in the cluster; use the service field instead. The host might be resolved via external DNS in some apiservers (e.g., kube-apiserver cannot resolve in-cluster DNS as that would be a layering violation). host may also be an IP address.

Please note that using localhost or 127.0.0.1 as a host is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#…") and query parameters ("?…") are not allowed, either.

ServiceReference [v1/apiextensions]

The following table describes the parameters for ServiceReference object:

Field Type Description

name

string

name is the name of the service. Required

namespace

string

namespace is the namespace of the service. Required

path

string

path is an optional URL path at which the webhook will be contacted.

port

integer

port is an optional service port at which the webhook will be contacted. port should be a valid port number (1-65535, inclusive). Defaults to 443 for backward compatibility.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a CustomResourceDefinition

HTTP request

post /apis/apiextensions.k8s.io/v1/customresourcedefinitions

Table 777. HTTP body
Object	Type
`body`	CustomResourceDefinition

Table 778. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 779. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition
201 - Created	CustomResourceDefinition
202 - Accepted	CustomResourceDefinition

Patch

partially update the specified CustomResourceDefinition

HTTP request

patch /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}

Table 780. HTTP body
Object	Type
`body`	Patch

Table 781. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 782. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 783. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition

Replace

replace the specified CustomResourceDefinition

HTTP request

put /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}

Table 784. HTTP body
Object	Type
`body`	CustomResourceDefinition

Table 785. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 786. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 787. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition
201 - Created	CustomResourceDefinition

Delete

delete a CustomResourceDefinition

HTTP request

delete /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}

Table 788. HTTP body
Object	Type
`body`	DeleteOptions

Table 789. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 790. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 791. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of CustomResourceDefinition

HTTP request

delete /apis/apiextensions.k8s.io/v1/customresourcedefinitions

Table 792. HTTP body
Object	Type
`body`	DeleteOptions

Table 793. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 794. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified CustomResourceDefinition

HTTP request

get /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}

Table 795. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 796. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 797. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition

List

list or watch objects of kind CustomResourceDefinition

HTTP request

get /apis/apiextensions.k8s.io/v1/customresourcedefinitions

Table 798. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 799. HTTP responses
Code	Type
200 - OK	CustomResourceDefinitionList

Watch

watch changes to an object of kind CustomResourceDefinition. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions/{name}

Table 800. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 801. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 802. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of CustomResourceDefinition. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apiextensions.k8s.io/v1/watch/customresourcedefinitions

Table 803. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 804. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified CustomResourceDefinition

HTTP request

patch /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status

Table 805. HTTP body
Object	Type
`body`	Patch

Table 806. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 807. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 808. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition

Read Status

read status of the specified CustomResourceDefinition

HTTP request

get /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status

Table 809. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 810. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 811. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition

Replace Status

replace status of the specified CustomResourceDefinition

HTTP request

put /apis/apiextensions.k8s.io/v1/customresourcedefinitions/{name}/status

Table 812. HTTP body
Object	Type
`body`	CustomResourceDefinition

Table 813. Path parameters
Parameter	Description
`name`	name of the CustomResourceDefinition

Table 814. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 815. HTTP responses
Code	Type
200 - OK	CustomResourceDefinition
201 - Created	CustomResourceDefinition

APIService v1 apiregistration

Appears in

APIServiceList [apiregistration/v1]

Definitions

APIService [v1/apiregistration]

The following table describes the parameters for the APIService object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

APIServiceSpec

Spec contains information for locating and communicating with a server

status

APIServiceStatus

Status contains derived information about an API server

APIServiceSpec [v1/apiregistration]

The following table describes the parameters for APIServiceSpec object:

Field Type Description

caBundle

string

CABundle is a PEM encoded CA bundle which will be used to validate an API server’s serving certificate. If unspecified, system trust roots on the apiserver are used.

group

string

Group is the API group name this server hosts

groupPriorityMinimum

integer

GroupPriorityMininum is the priority this group should have at least. Higher priority means that the group is preferred by clients over lower priority ones. Note that other versions of this group might specify even higher GroupPriorityMininum values such that the whole group gets a higher priority. The primary sort is based on GroupPriorityMinimum, ordered highest number to lowest (20 before 10). The secondary sort is based on the alphabetical comparison of the name of the object. (v1.bar before v1.foo) We’d recommend something like: *.k8s.io (except extensions) at 18000 and PaaSes (OpenShift, Deis) are recommended to be in the 2000s

insecureSkipTLSVerify

boolean

InsecureSkipTLSVerify disables TLS certificate verification when communicating with this server. This is strongly discouraged. You should use the CABundle instead.

service

ServiceReference

Service is a reference to the service for this API server. It must communicate on port 443 If the Service is nil, that means the handling for the API groupversion is handled locally on this server. The call will simply delegate to the normal handler chain to be fulfilled.

version

string

Version is the API version this server hosts. For example, "v1"

versionPriority

integer

VersionPriority controls the ordering of this API version inside of its group. Must be greater than zero. The primary sort is based on VersionPriority, ordered highest to lowest (20 before 10). Since it’s inside of a group, the number can be small, probably in the 10s. In case of equal version priorities, the version string will be used to compute the order inside a group. If the version string is "kube-like", it will sort above non "kube-like" version strings, which are ordered lexicographically. "Kube-like" versions start with a "v", then are followed by a number (the major version), then optionally the string "alpha" or "beta" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.

APIServiceStatus [v1/apiregistration]

The following table describes the parameters for APIServiceStatus object:

Field Type Description

conditions

APIServiceCondition array

Current service state of apiService.

APIServiceList [v1/apiregistration]

The following table describes the parameters for APIServiceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

APIService array

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

APIServiceCondition [v1/apiregistration]

The following table describes the parameters for APIServiceCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

Human-readable message indicating details about last transition.

reason

string

Unique, one-word, CamelCase reason for the condition’s last transition.

status

string

Status is the status of the condition. Can be True, False, Unknown.

type

string

Type is the type of the condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

ServiceReference [v1/apiregistration]

The following table describes the parameters for ServiceReference object:

Field Type Description

name

string

Name is the name of the service

namespace

string

Namespace is the namespace of the service

port

integer

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. port should be a valid port number (1-65535, inclusive).

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create an APIService

HTTP request

post /apis/apiregistration.k8s.io/v1/apiservices

Table 816. HTTP body
Object	Type
`body`	APIService

Table 817. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 818. HTTP responses
Code	Type
200 - OK	APIService
201 - Created	APIService
202 - Accepted	APIService

Patch

partially update the specified APIService

HTTP request

patch /apis/apiregistration.k8s.io/v1/apiservices/{name}

Table 819. HTTP body
Object	Type
`body`	Patch

Table 820. Path parameters
Parameter	Description
`name`	name of the APIService

Table 821. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 822. HTTP responses
Code	Type
200 - OK	APIService

Replace

replace the specified APIService

HTTP request

put /apis/apiregistration.k8s.io/v1/apiservices/{name}

Table 823. HTTP body
Object	Type
`body`	APIService

Table 824. Path parameters
Parameter	Description
`name`	name of the APIService

Table 825. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 826. HTTP responses
Code	Type
200 - OK	APIService
201 - Created	APIService

Delete

delete an APIService

HTTP request

delete /apis/apiregistration.k8s.io/v1/apiservices/{name}

Table 827. HTTP body
Object	Type
`body`	DeleteOptions

Table 828. Path parameters
Parameter	Description
`name`	name of the APIService

Table 829. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 830. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of APIService

HTTP request

delete /apis/apiregistration.k8s.io/v1/apiservices

Table 831. HTTP body
Object	Type
`body`	DeleteOptions

Table 832. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 833. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified APIService

HTTP request

get /apis/apiregistration.k8s.io/v1/apiservices/{name}

Table 834. Path parameters
Parameter	Description
`name`	name of the APIService

Table 835. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 836. HTTP responses
Code	Type
200 - OK	APIService

List

list or watch objects of kind APIService

HTTP request

get /apis/apiregistration.k8s.io/v1/apiservices

Table 837. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 838. HTTP responses
Code	Type
200 - OK	APIServiceList

Watch

watch changes to an object of kind APIService. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apiregistration.k8s.io/v1/watch/apiservices/{name}

Table 839. Path parameters
Parameter	Description
`name`	name of the APIService

Table 840. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 841. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of APIService. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apiregistration.k8s.io/v1/watch/apiservices

Table 842. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 843. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified APIService

HTTP request

patch /apis/apiregistration.k8s.io/v1/apiservices/{name}/status

Table 844. HTTP body
Object	Type
`body`	Patch

Table 845. Path parameters
Parameter	Description
`name`	name of the APIService

Table 846. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 847. HTTP responses
Code	Type
200 - OK	APIService

Read Status

read status of the specified APIService

HTTP request

get /apis/apiregistration.k8s.io/v1/apiservices/{name}/status

Table 848. Path parameters
Parameter	Description
`name`	name of the APIService

Table 849. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 850. HTTP responses
Code	Type
200 - OK	APIService

Replace Status

replace status of the specified APIService

HTTP request

put /apis/apiregistration.k8s.io/v1/apiservices/{name}/status

Table 851. HTTP body
Object	Type
`body`	APIService

Table 852. Path parameters
Parameter	Description
`name`	name of the APIService

Table 853. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 854. HTTP responses
Code	Type
200 - OK	APIService
201 - Created	APIService

ControllerRevision v1 apps

Appears in

ControllerRevisionList [apps/v1]

Definitions

ControllerRevision [v1/apps]

The following table describes the parameters for the ControllerRevision object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

data

Data is the serialized representation of the state.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

revision

integer

Revision indicates the revision of the state represented by Data.

ControllerRevisionList [v1/apps]

The following table describes the parameters for ControllerRevisionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ControllerRevision array

Items is the list of ControllerRevisions

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ControllerRevision

HTTP request

post /apis/apps/v1/namespaces/{namespace}/controllerrevisions

Table 855. HTTP body
Object	Type
`body`	ControllerRevision

Table 856. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 857. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 858. HTTP responses
Code	Type
200 - OK	ControllerRevision
201 - Created	ControllerRevision
202 - Accepted	ControllerRevision

Patch

partially update the specified ControllerRevision

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}

Table 859. HTTP body
Object	Type
`body`	Patch

Table 860. Path parameters
Parameter	Description
`name`	name of the ControllerRevision
`namespace`	object name and auth scope, such as for teams and projects

Table 861. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 862. HTTP responses
Code	Type
200 - OK	ControllerRevision

Replace

replace the specified ControllerRevision

HTTP request

put /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}

Table 863. HTTP body
Object	Type
`body`	ControllerRevision

Table 864. Path parameters
Parameter	Description
`name`	name of the ControllerRevision
`namespace`	object name and auth scope, such as for teams and projects

Table 865. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 866. HTTP responses
Code	Type
200 - OK	ControllerRevision
201 - Created	ControllerRevision

Delete

delete a ControllerRevision

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}

Table 867. HTTP body
Object	Type
`body`	DeleteOptions

Table 868. Path parameters
Parameter	Description
`name`	name of the ControllerRevision
`namespace`	object name and auth scope, such as for teams and projects

Table 869. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 870. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ControllerRevision

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/controllerrevisions

Table 871. HTTP body
Object	Type
`body`	DeleteOptions

Table 872. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 873. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 874. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ControllerRevision

HTTP request

get /apis/apps/v1/namespaces/{namespace}/controllerrevisions/{name}

Table 875. Path parameters
Parameter	Description
`name`	name of the ControllerRevision
`namespace`	object name and auth scope, such as for teams and projects

Table 876. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 877. HTTP responses
Code	Type
200 - OK	ControllerRevision

List

list or watch objects of kind ControllerRevision

HTTP request

get /apis/apps/v1/namespaces/{namespace}/controllerrevisions

Table 878. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 879. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 880. HTTP responses
Code	Type
200 - OK	ControllerRevisionList

List All Namespaces

list or watch objects of kind ControllerRevision

HTTP request

get /apis/apps/v1/controllerrevisions

Table 881. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 882. HTTP responses
Code	Type
200 - OK	ControllerRevisionList

Watch

watch changes to an object of kind ControllerRevision. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions/{name}

Table 883. Path parameters
Parameter	Description
`name`	name of the ControllerRevision
`namespace`	object name and auth scope, such as for teams and projects

Table 884. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 885. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ControllerRevision. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/controllerrevisions

Table 886. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 887. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 888. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ControllerRevision. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/controllerrevisions

Table 889. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 890. HTTP responses
Code	Type
200 - OK	WatchEvent

DaemonSet v1 apps

Appears in

DaemonSetList [apps/v1]

Definitions

DaemonSet [v1/apps]

The following table describes the parameters for the DaemonSet object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

DaemonSetSpec

The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

DaemonSetStatus

The current status of this daemon set. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

DaemonSetSpec [v1/apps]

The following table describes the parameters for DaemonSetSpec object:

Field Type Description

minReadySeconds

integer

The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).

revisionHistoryLimit

integer

The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.

selector

LabelSelector

A label query over pods that are managed by the daemon set. Must match in order to be controlled. It must match the pod template’s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template’s node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

updateStrategy

DaemonSetUpdateStrategy

An update strategy to replace existing DaemonSet pods with new pods.

DaemonSetStatus [v1/apps]

The following table describes the parameters for DaemonSetStatus object:

Field Type Description

collisionCount

integer

Count of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.

conditions

DaemonSetCondition array

Represents the latest available observations of a DaemonSet’s current state.

currentNumberScheduled

integer

The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

desiredNumberScheduled

integer

The total number of nodes that should be running the daemon pod (including nodes correctly running the daemon pod). More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

numberAvailable

integer

The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)

numberMisscheduled

integer

The number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

numberReady

integer

The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and ready.

numberUnavailable

integer

The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)

observedGeneration

integer

The most recent generation observed by the daemon set controller.

updatedNumberScheduled

integer

The total number of nodes that are running updated daemon pod

DaemonSetList [v1/apps]

The following table describes the parameters for DaemonSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DaemonSet array

A list of daemon sets.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

RollingUpdateDaemonSet [v1/apps]

The following table describes the parameters for RollingUpdateDaemonSet object:

Field Type Description

maxUnavailable

The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.

DaemonSetCondition [v1/apps]

The following table describes the parameters for DaemonSetCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of DaemonSet condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

DaemonSetUpdateStrategy [v1/apps]

The following table describes the parameters for DaemonSetUpdateStrategy object:

Field Type Description

rollingUpdate

RollingUpdateDaemonSet

Rolling update config params. Present only if type = "RollingUpdate".

type

string

Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a DaemonSet

HTTP request

post /apis/apps/v1/namespaces/{namespace}/daemonsets

Table 891. HTTP body
Object	Type
`body`	DaemonSet

Table 892. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 893. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 894. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet
202 - Accepted	DaemonSet

Patch

partially update the specified DaemonSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}

Table 895. HTTP body
Object	Type
`body`	Patch

Table 896. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 897. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 898. HTTP responses
Code	Type
200 - OK	DaemonSet

Replace

replace the specified DaemonSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}

Table 899. HTTP body
Object	Type
`body`	DaemonSet

Table 900. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 901. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 902. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet

Delete

delete a DaemonSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}

Table 903. HTTP body
Object	Type
`body`	DeleteOptions

Table 904. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 905. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 906. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of DaemonSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/daemonsets

Table 907. HTTP body
Object	Type
`body`	DeleteOptions

Table 908. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 909. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 910. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified DaemonSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}

Table 911. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 912. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 913. HTTP responses
Code	Type
200 - OK	DaemonSet

List

list or watch objects of kind DaemonSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/daemonsets

Table 914. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 915. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 916. HTTP responses
Code	Type
200 - OK	DaemonSetList

List All Namespaces

list or watch objects of kind DaemonSet

HTTP request

get /apis/apps/v1/daemonsets

Table 917. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 918. HTTP responses
Code	Type
200 - OK	DaemonSetList

Watch

watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/daemonsets/{name}

Table 919. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 920. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 921. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/daemonsets

Table 922. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 923. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 924. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/daemonsets

Table 925. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 926. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified DaemonSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status

Table 927. HTTP body
Object	Type
`body`	Patch

Table 928. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 929. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 930. HTTP responses
Code	Type
200 - OK	DaemonSet

Read Status

read status of the specified DaemonSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status

Table 931. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 932. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 933. HTTP responses
Code	Type
200 - OK	DaemonSet

Replace Status

replace status of the specified DaemonSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/daemonsets/{name}/status

Table 934. HTTP body
Object	Type
`body`	DaemonSet

Table 935. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 936. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 937. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet

Deployment v1 apps

Appears in

DeploymentList [apps/v1]

Definitions

Deployment [v1/apps]

The following table describes the parameters for the Deployment object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata.

spec

DeploymentSpec

Specification of the desired behavior of the Deployment.

status

DeploymentStatus

Most recently observed status of the Deployment.

DeploymentSpec [v1/apps]

The following table describes the parameters for DeploymentSpec object:

Field Type Description

minReadySeconds

integer

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

paused

boolean

Indicates that the deployment is paused.

progressDeadlineSeconds

integer

The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s.

replicas

integer

Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.

revisionHistoryLimit

integer

The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.

selector

LabelSelector

Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template’s labels.

strategy

DeploymentStrategy

The deployment strategy to use to replace existing pods with new ones.

template

PodTemplateSpec

Template describes the pods that will be created.

DeploymentStatus [v1/apps]

The following table describes the parameters for DeploymentStatus object:

Field Type Description

availableReplicas

integer

Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.

collisionCount

integer

Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.

conditions

DeploymentCondition array

Represents the latest available observations of a deployment’s current state.

observedGeneration

integer

The generation observed by the deployment controller.

readyReplicas

integer

Total number of ready pods targeted by this deployment.

replicas

integer

Total number of non-terminated pods targeted by this deployment (their labels match the selector).

unavailableReplicas

integer

Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created.

updatedReplicas

integer

Total number of non-terminated pods targeted by this deployment that have the desired template spec.

DeploymentList [v1/apps]

The following table describes the parameters for DeploymentList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Deployment array

Items is the list of Deployments.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata.

DeploymentStrategy [v1/apps]

The following table describes the parameters for DeploymentStrategy object:

Field Type Description

rollingUpdate

RollingUpdateDeployment

Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate.

type

string

Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.

RollingUpdateDeployment [v1/apps]

The following table describes the parameters for RollingUpdateDeployment object:

Field Type Description

maxSurge

The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.

maxUnavailable

The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.

DeploymentCondition [v1/apps]

The following table describes the parameters for DeploymentCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

lastUpdateTime

Time

The last time this condition was updated.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of deployment condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Deployment

HTTP request

post /apis/apps/v1/namespaces/{namespace}/deployments

Table 938. HTTP body
Object	Type
`body`	Deployment

Table 939. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 940. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 941. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment
202 - Accepted	Deployment

Patch

partially update the specified Deployment

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/deployments/{name}

Table 942. HTTP body
Object	Type
`body`	Patch

Table 943. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 944. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 945. HTTP responses
Code	Type
200 - OK	Deployment

Replace

replace the specified Deployment

HTTP request

put /apis/apps/v1/namespaces/{namespace}/deployments/{name}

Table 946. HTTP body
Object	Type
`body`	Deployment

Table 947. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 948. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 949. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment

Delete

delete a Deployment

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/deployments/{name}

Table 950. HTTP body
Object	Type
`body`	DeleteOptions

Table 951. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 952. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 953. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Deployment

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/deployments

Table 954. HTTP body
Object	Type
`body`	DeleteOptions

Table 955. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 956. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 957. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Deployment

HTTP request

get /apis/apps/v1/namespaces/{namespace}/deployments/{name}

Table 958. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 959. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 960. HTTP responses
Code	Type
200 - OK	Deployment

List

list or watch objects of kind Deployment

HTTP request

get /apis/apps/v1/namespaces/{namespace}/deployments

Table 961. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 962. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 963. HTTP responses
Code	Type
200 - OK	DeploymentList

List All Namespaces

list or watch objects of kind Deployment

HTTP request

get /apis/apps/v1/deployments

Table 964. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 965. HTTP responses
Code	Type
200 - OK	DeploymentList

Watch

watch changes to an object of kind Deployment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/deployments/{name}

Table 966. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 967. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 968. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Deployment. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/deployments

Table 969. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 970. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 971. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Deployment. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/deployments

Table 972. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 973. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Deployment

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status

Table 974. HTTP body
Object	Type
`body`	Patch

Table 975. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 976. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 977. HTTP responses
Code	Type
200 - OK	Deployment

Read Status

read status of the specified Deployment

HTTP request

get /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status

Table 978. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 979. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 980. HTTP responses
Code	Type
200 - OK	Deployment

Replace Status

replace status of the specified Deployment

HTTP request

put /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status

Table 981. HTTP body
Object	Type
`body`	Deployment

Table 982. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 983. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 984. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment

Misc Operations

Read Scale

read scale of the specified Deployment

HTTP request

get /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

Table 985. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 986. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 987. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified Deployment

HTTP request

put /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

Table 988. HTTP body
Object	Type
`body`	Scale

Table 989. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 990. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 991. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified Deployment

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale

Table 992. HTTP body
Object	Type
`body`	Patch

Table 993. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 994. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 995. HTTP responses
Code	Type
200 - OK	Scale

ReplicaSet v1 apps

Appears in

ReplicaSetList [apps/v1]

Definitions

ReplicaSet [v1/apps]

The following table describes the parameters for the ReplicaSet object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

ReplicaSetSpec

Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

ReplicaSetStatus

Status is the most recently observed status of the ReplicaSet. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ReplicaSetSpec [v1/apps]

The following table describes the parameters for ReplicaSetSpec object:

Field Type Description

minReadySeconds

integer

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

replicas

integer

Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller

selector

LabelSelector

Selector is a label query over pods that should match the replica count. Label keys and values that must match in order to be controlled by this replica set. It must match the pod template’s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

Template is the object that describes the pod that will be created if insufficient replicas are detected. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

ReplicaSetStatus [v1/apps]

The following table describes the parameters for ReplicaSetStatus object:

Field Type Description

availableReplicas

integer

The number of available replicas (ready for at least minReadySeconds) for this replica set.

conditions

ReplicaSetCondition array

Represents the latest available observations of a replica set’s current state.

fullyLabeledReplicas

integer

The number of pods that have labels matching the labels of the pod template of the replicaset.

observedGeneration

integer

ObservedGeneration reflects the generation of the most recently observed ReplicaSet.

readyReplicas

integer

The number of ready replicas for this replica set.

replicas

integer

Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller

ReplicaSetList [v1/apps]

The following table describes the parameters for ReplicaSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ReplicaSet array

List of ReplicaSets. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ReplicaSetCondition [v1/apps]

The following table describes the parameters for ReplicaSetCondition object:

Field Type Description

lastTransitionTime

Time

The last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of replica set condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ReplicaSet

HTTP request

post /apis/apps/v1/namespaces/{namespace}/replicasets

Table 996. HTTP body
Object	Type
`body`	ReplicaSet

Table 997. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 998. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 999. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet
202 - Accepted	ReplicaSet

Patch

partially update the specified ReplicaSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/replicasets/{name}

Table 1000. HTTP body
Object	Type
`body`	Patch

Table 1001. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1002. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1003. HTTP responses
Code	Type
200 - OK	ReplicaSet

Replace

replace the specified ReplicaSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/replicasets/{name}

Table 1004. HTTP body
Object	Type
`body`	ReplicaSet

Table 1005. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1006. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1007. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet

Delete

delete a ReplicaSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/replicasets/{name}

Table 1008. HTTP body
Object	Type
`body`	DeleteOptions

Table 1009. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1010. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1011. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ReplicaSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/replicasets

Table 1012. HTTP body
Object	Type
`body`	DeleteOptions

Table 1013. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1014. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1015. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ReplicaSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/replicasets/{name}

Table 1016. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1017. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1018. HTTP responses
Code	Type
200 - OK	ReplicaSet

List

list or watch objects of kind ReplicaSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/replicasets

Table 1019. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1020. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1021. HTTP responses
Code	Type
200 - OK	ReplicaSetList

List All Namespaces

list or watch objects of kind ReplicaSet

HTTP request

get /apis/apps/v1/replicasets

Table 1022. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1023. HTTP responses
Code	Type
200 - OK	ReplicaSetList

Watch

watch changes to an object of kind ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/replicasets/{name}

Table 1024. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1025. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1026. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/replicasets

Table 1027. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1028. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1029. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/replicasets

Table 1030. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1031. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified ReplicaSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status

Table 1032. HTTP body
Object	Type
`body`	Patch

Table 1033. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1034. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1035. HTTP responses
Code	Type
200 - OK	ReplicaSet

Read Status

read status of the specified ReplicaSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status

Table 1036. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1037. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1038. HTTP responses
Code	Type
200 - OK	ReplicaSet

Replace Status

replace status of the specified ReplicaSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/status

Table 1039. HTTP body
Object	Type
`body`	ReplicaSet

Table 1040. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1041. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1042. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet

Misc Operations

Read Scale

read scale of the specified ReplicaSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/scale

Table 1043. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1044. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1045. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified ReplicaSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/scale

Table 1046. HTTP body
Object	Type
`body`	Scale

Table 1047. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1048. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1049. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified ReplicaSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/replicasets/{name}/scale

Table 1050. HTTP body
Object	Type
`body`	Patch

Table 1051. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1052. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1053. HTTP responses
Code	Type
200 - OK	Scale

StatefulSet v1 apps

Appears in

StatefulSetList [apps/v1]

Definitions

StatefulSet [v1/apps]

The following table describes the parameters for the StatefulSet object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

StatefulSetSpec

Spec defines the desired identities of pods in this set.

status

StatefulSetStatus

Status is the current status of Pods in this StatefulSet. This data may be out of date by some window of time.

StatefulSetSpec [v1/apps]

The following table describes the parameters for StatefulSetSpec object:

Field Type Description

podManagementPolicy

string

podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is OrderedReady, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is Parallel which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.

replicas

integer

replicas is the desired number of replicas of the given Template. These are replicas in the sense that they are instantiations of the same Template, but individual replicas also have a consistent identity. If unspecified, defaults to 1.

revisionHistoryLimit

integer

revisionHistoryLimit is the maximum number of revisions that will be maintained in the StatefulSet’s revision history. The revision history consists of all revisions not represented by a currently applied StatefulSetSpec version. The default value is 10.

selector

LabelSelector

selector is a label query over pods that should match the replica count. It must match the pod template’s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

serviceName

string

serviceName is the name of the service that governs this StatefulSet. This service must exist before the StatefulSet, and is responsible for the network identity of the set. Pods get DNS/hostnames that follow the pattern: pod-specific-string.serviceName.default.svc.cluster.local where "pod-specific-string" is managed by the StatefulSet controller.

template

PodTemplateSpec

template is the object that describes the pod that will be created if insufficient replicas are detected. Each pod stamped out by the StatefulSet will fulfill this Template, but have a unique identity from the rest of the StatefulSet.

updateStrategy

StatefulSetUpdateStrategy

updateStrategy indicates the StatefulSetUpdateStrategy that will be employed to update Pods in the StatefulSet when a revision is made to Template.

volumeClaimTemplates

PersistentVolumeClaim array

volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name.

StatefulSetStatus [v1/apps]

The following table describes the parameters for StatefulSetStatus object:

Field Type Description

collisionCount

integer

collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.

conditions

StatefulSetCondition array

Represents the latest available observations of a statefulset’s current state.

currentReplicas

integer

currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by currentRevision.

currentRevision

string

currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [0,currentReplicas).

observedGeneration

integer

observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the StatefulSet’s generation, which is updated on mutation by the API Server.

readyReplicas

integer

readyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition.

replicas

integer

replicas is the number of Pods created by the StatefulSet controller.

updateRevision

string

updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence [replicas-updatedReplicas,replicas)

updatedReplicas

integer

updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version indicated by updateRevision.

StatefulSetList [v1/apps]

The following table describes the parameters for StatefulSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

StatefulSet array

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

StatefulSetCondition [v1/apps]

The following table describes the parameters for StatefulSetCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of statefulset condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PersistentVolumeClaim [v1/core]

The following table describes the parameters for PersistentVolumeClaim object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PersistentVolumeClaimSpec

Spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

status

PersistentVolumeClaimStatus

Status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

PersistentVolumeClaimStatus [v1/core]

The following table describes the parameters for PersistentVolumeClaimStatus object:

Field Type Description

accessModes

string array

AccessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

capacity

object

Represents the actual resources of the underlying volume.

conditions

PersistentVolumeClaimCondition array

Current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.

phase

string

Phase represents the current phase of PersistentVolumeClaim.

PersistentVolumeClaimCondition [v1/core]

The following table describes the parameters for PersistentVolumeClaimCondition object:

Field Type Description

lastProbeTime

Time

Last time we probed the condition.

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

Human-readable message indicating details about last transition.

reason

string

Unique, this should be a short, machine understandable string that gives the reason for condition’s last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.

status

string

type

string

PersistentVolumeClaimSpec [v1/core]

The following table describes the parameters for PersistentVolumeClaimSpec object:

Field Type Description

accessModes

string array

AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1

dataSource

TypedLocalObjectReference

This field requires the VolumeSnapshotDataSource alpha feature gate to be enabled and currently VolumeSnapshot is the only supported data source. If the provisioner can support VolumeSnapshot data source, it will create a new volume and data will be restored to the volume at the same time. If the provisioner does not support VolumeSnapshot data source, volume will not be created and the failure will be reported as an event. In the future, we plan to support more data source types and the behavior of the provisioner may change.

resources

ResourceRequirements

Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources

selector

LabelSelector

A label query over volumes to consider for binding.

storageClassName

string

Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1

volumeMode

string

volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. This is a beta feature.

volumeName

string

VolumeName is the binding reference to the PersistentVolume backing this claim.

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

TypedLocalObjectReference [v1/core]

The following table describes the parameters for TypedLocalObjectReference object:

Field Type Description

apiGroup

string

APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.

kind

string

Kind is the type of resource being referenced

name

string

Name is the name of resource being referenced

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

StatefulSetUpdateStrategy [v1/apps]

The following table describes the parameters for StatefulSetUpdateStrategy object:

Field Type Description

rollingUpdate

RollingUpdateStatefulSetStrategy

RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.

type

string

Type indicates the type of the StatefulSetUpdateStrategy. Default is RollingUpdate.

RollingUpdateStatefulSetStrategy [v1/apps]

The following table describes the parameters for RollingUpdateStatefulSetStrategy object:

Field Type Description

partition

integer

Partition indicates the ordinal at which the StatefulSet should be partitioned. Default value is 0.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

Operations

Write Operations

Create

create a StatefulSet

HTTP request

post /apis/apps/v1/namespaces/{namespace}/statefulsets

Table 1054. HTTP body
Object	Type
`body`	StatefulSet

Table 1055. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1056. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1057. HTTP responses
Code	Type
200 - OK	StatefulSet
201 - Created	StatefulSet
202 - Accepted	StatefulSet

Patch

partially update the specified StatefulSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

Table 1058. HTTP body
Object	Type
`body`	Patch

Table 1059. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1060. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1061. HTTP responses
Code	Type
200 - OK	StatefulSet

Replace

replace the specified StatefulSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

Table 1062. HTTP body
Object	Type
`body`	StatefulSet

Table 1063. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1064. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1065. HTTP responses
Code	Type
200 - OK	StatefulSet
201 - Created	StatefulSet

Delete

delete a StatefulSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

Table 1066. HTTP body
Object	Type
`body`	DeleteOptions

Table 1067. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1068. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1069. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of StatefulSet

HTTP request

delete /apis/apps/v1/namespaces/{namespace}/statefulsets

Table 1070. HTTP body
Object	Type
`body`	DeleteOptions

Table 1071. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1072. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1073. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified StatefulSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}

Table 1074. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1075. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1076. HTTP responses
Code	Type
200 - OK	StatefulSet

List

list or watch objects of kind StatefulSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/statefulsets

Table 1077. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1078. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1079. HTTP responses
Code	Type
200 - OK	StatefulSetList

List All Namespaces

list or watch objects of kind StatefulSet

HTTP request

get /apis/apps/v1/statefulsets

Table 1080. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1081. HTTP responses
Code	Type
200 - OK	StatefulSetList

Watch

watch changes to an object of kind StatefulSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/statefulsets/{name}

Table 1082. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1083. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1084. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of StatefulSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/namespaces/{namespace}/statefulsets

Table 1085. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1086. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1087. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of StatefulSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/apps/v1/watch/statefulsets

Table 1088. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1089. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified StatefulSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status

Table 1090. HTTP body
Object	Type
`body`	Patch

Table 1091. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1092. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1093. HTTP responses
Code	Type
200 - OK	StatefulSet

Read Status

read status of the specified StatefulSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status

Table 1094. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1095. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1096. HTTP responses
Code	Type
200 - OK	StatefulSet

Replace Status

replace status of the specified StatefulSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status

Table 1097. HTTP body
Object	Type
`body`	StatefulSet

Table 1098. Path parameters
Parameter	Description
`name`	name of the StatefulSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1099. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1100. HTTP responses
Code	Type
200 - OK	StatefulSet
201 - Created	StatefulSet

Misc Operations

Read Scale

read scale of the specified StatefulSet

HTTP request

get /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale

Table 1101. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1102. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1103. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified StatefulSet

HTTP request

put /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale

Table 1104. HTTP body
Object	Type
`body`	Scale

Table 1105. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1106. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1107. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified StatefulSet

HTTP request

patch /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/scale

Table 1108. HTTP body
Object	Type
`body`	Patch

Table 1109. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1110. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1111. HTTP responses
Code	Type
200 - OK	Scale

DeploymentConfig v1 apps.openshift.io

Appears in

DeploymentConfigList [apps.openshift.io/v1]

Definitions

DeploymentConfig [v1/apps.openshift.io]

The following table describes the parameters for the DeploymentConfig object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

DeploymentConfigSpec

Spec represents a desired deployment state and how to deploy to it.

status

DeploymentConfigStatus

Status represents the current deployment state.

DeploymentConfigSpec [v1/apps.openshift.io]

The following table describes the parameters for DeploymentConfigSpec object:

Field Type Description

minReadySeconds

integer

MinReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

paused

boolean

Paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.

replicas

integer

Replicas is the number of desired replicas.

revisionHistoryLimit

integer

RevisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)

selector

object

Selector is a label query over pods that should match the Replicas count.

strategy

DeploymentStrategy

Strategy describes how a deployment is executed.

template

PodTemplateSpec

Template is the object that describes the pod that will be created if insufficient replicas are detected.

test

boolean

Test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.

triggers

DeploymentTriggerPolicy array

Triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.

DeploymentConfigStatus [v1/apps.openshift.io]

The following table describes the parameters for DeploymentConfigStatus object:

Field Type Description

availableReplicas

integer

AvailableReplicas is the total number of available pods targeted by this deployment config.

conditions

DeploymentCondition array

Conditions represents the latest available observations of a deployment config’s current state.

details

DeploymentDetails

Details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger

latestVersion

integer

LatestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.

observedGeneration

integer

ObservedGeneration is the most recent generation observed by the deployment config controller.

readyReplicas

integer

Total number of ready pods targeted by this deployment.

replicas

integer

Replicas is the total number of pods targeted by this deployment config.

unavailableReplicas

integer

UnavailableReplicas is the total number of unavailable pods targeted by this deployment config.

updatedReplicas

integer

UpdatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.

DeploymentConfigList [v1/apps.openshift.io]

The following table describes the parameters for DeploymentConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DeploymentConfig array

Items is a list of deployment configs

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

DeploymentConfigRollback [v1/apps.openshift.io]

The following table describes the parameters for DeploymentConfigRollback object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the deployment config that will be rolled back.

spec

DeploymentConfigRollbackSpec

Spec defines the options to rollback generation.

updatedAnnotations

object

UpdatedAnnotations is a set of new annotations that will be added in the deployment config.

DeploymentDetails [v1/apps.openshift.io]

The following table describes the parameters for DeploymentDetails object:

Field Type Description

causes

DeploymentCause array

Causes are extended data associated with all the causes for creating a new deployment

message

string

Message is the user specified change message, if this deployment was triggered manually by the user

DeploymentCause [v1/apps.openshift.io]

The following table describes the parameters for DeploymentCause object:

Field Type Description

imageTrigger

DeploymentCauseImageTrigger

ImageTrigger contains the image trigger details, if this trigger was fired based on an image change

type

string

Type of the trigger that resulted in the creation of a new deployment

DeploymentCauseImageTrigger [v1/apps.openshift.io]

The following table describes the parameters for DeploymentCauseImageTrigger object:

Field Type Description

from

ObjectReference

From is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

DeploymentCondition [v1/apps.openshift.io]

The following table describes the parameters for DeploymentCondition object:

Field Type Description

lastTransitionTime

Time

The last time the condition transitioned from one status to another.

lastUpdateTime

Time

The last time this condition was updated.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of deployment condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

DeploymentTriggerPolicy [v1/apps.openshift.io]

The following table describes the parameters for DeploymentTriggerPolicy object:

Field Type Description

imageChangeParams

DeploymentTriggerImageChangeParams

ImageChangeParams represents the parameters for the ImageChange trigger.

type

string

Type of the trigger

DeploymentTriggerImageChangeParams [v1/apps.openshift.io]

The following table describes the parameters for DeploymentTriggerImageChangeParams object:

Field Type Description

automatic

boolean

Automatic means that the detection of a new tag value should result in an image update inside the pod template.

containerNames

string array

ContainerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.

from

ObjectReference

From is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.

lastTriggeredImage

string

LastTriggeredImage is the last image to be triggered.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

DeploymentStrategy [v1/apps.openshift.io]

The following table describes the parameters for DeploymentStrategy object:

Field Type Description

activeDeadlineSeconds

integer

ActiveDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.

annotations

object

Annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.

customParams

CustomDeploymentStrategyParams

CustomParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment.

labels

object

Labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.

recreateParams

RecreateDeploymentStrategyParams

RecreateParams are the input to the Recreate deployment strategy.

resources

ResourceRequirements

Resources contains resource requirements to execute the deployment and any hooks.

rollingParams

RollingDeploymentStrategyParams

RollingParams are the input to the Rolling deployment strategy.

type

string

Type is the name of a deployment strategy.

RollingDeploymentStrategyParams [v1/apps.openshift.io]

The following table describes the parameters for RollingDeploymentStrategyParams object:

Field Type Description

intervalSeconds

integer

IntervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.

maxSurge

MaxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.

This cannot be 0 if MaxUnavailable is 0. By default, 25% is used.

Example: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.

maxUnavailable

MaxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.

This cannot be 0 if MaxSurge is 0. By default, 25% is used.

Example: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.

post

LifecycleHook

Post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.

pre

LifecycleHook

Pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported.

timeoutSeconds

integer

TimeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.

updatePeriodSeconds

integer

UpdatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.

LifecycleHook [v1/apps.openshift.io]

The following table describes the parameters for LifecycleHook object:

Field Type Description

execNewPod

ExecNewPodHook

ExecNewPod specifies the options for a lifecycle hook backed by a pod.

failurePolicy

string

FailurePolicy specifies what action to take if the hook fails.

tagImages

TagImageHook array

TagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.

TagImageHook [v1/apps.openshift.io]

The following table describes the parameters for TagImageHook object:

Field Type Description

containerName

string

ContainerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.

to

ObjectReference

To is the target ImageStreamTag to set the container’s image onto.

ExecNewPodHook [v1/apps.openshift.io]

The following table describes the parameters for ExecNewPodHook object:

Field Type Description

command

string array

Command is the action command and its arguments.

containerName

string

ContainerName is the name of a container in the deployment pod template whose container image will be used for the hook pod’s container.

env

EnvVar array

Env is a set of environment variables to supply to the hook pod’s container.

volumes

string array

Volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.

RecreateDeploymentStrategyParams [v1/apps.openshift.io]

The following table describes the parameters for RecreateDeploymentStrategyParams object:

Field Type Description

mid

LifecycleHook

Mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported.

post

LifecycleHook

Post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.

pre

LifecycleHook

Pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported.

timeoutSeconds

integer

TimeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.

CustomDeploymentStrategyParams [v1/apps.openshift.io]

The following table describes the parameters for CustomDeploymentStrategyParams object:

Field Type Description

command

string array

Command is optional and overrides CMD in the container Image.

environment

EnvVar array

Environment holds the environment which will be given to the container for Image.

image

string

Image specifies a container image which can carry out a deployment.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

Operations

TokenReview v1 authentication

Definitions

TokenReview [v1/authentication]

The following table describes the parameters for the TokenReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

TokenReviewSpec

Spec holds information about the request being evaluated

status

TokenReviewStatus

Status is filled in by the server and indicates whether the request can be authenticated.

TokenReviewSpec [v1/authentication]

The following table describes the parameters for TokenReviewSpec object:

Field Type Description

audiences

string array

Audiences is a list of the identifiers that the resource server presented with the token identifies as. Audience-aware token authenticators will verify that the token was intended for at least one of the audiences in this list. If no audiences are provided, the audience will default to the audience of the Kubernetes apiserver.

token

string

Token is the opaque bearer token.

TokenReviewStatus [v1/authentication]

The following table describes the parameters for TokenReviewStatus object:

Field Type Description

audiences

string array

Audiences are audience identifiers chosen by the authenticator that are compatible with both the TokenReview and token. An identifier is any identifier in the intersection of the TokenReviewSpec audiences and the token’s audiences. A client of the TokenReview API that sets the spec.audiences field should validate that a compatible audience identifier is returned in the status.audiences field to ensure that the TokenReview server is audience aware. If a TokenReview returns an empty status.audience field where status.authenticated is "true", the token is valid against the audience of the Kubernetes API server.

authenticated

boolean

Authenticated indicates that the token was associated with a known user.

error

string

Error indicates that the token couldn’t be checked

user

UserInfo

User is the UserInfo associated with the provided token.

UserInfo [v1/authentication]

The following table describes the parameters for UserInfo object:

Field Type Description

extra

object

Any additional information provided by the authenticator.

groups

string array

The names of groups this user is a part of.

uid

string

A unique value that identifies this user across time. If this user is deleted and another user by the same name is added, they will have different UIDs.

username

string

The name that uniquely identifies this user among all active users.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a TokenReview

HTTP request

post /apis/authentication.k8s.io/v1/tokenreviews

Table 1112. HTTP body
Object	Type
`body`	TokenReview

Table 1113. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1114. HTTP responses
Code	Type
200 - OK	TokenReview
201 - Created	TokenReview
202 - Accepted	TokenReview

LocalSubjectAccessReview v1 authorization

Definitions

LocalSubjectAccessReview [v1/authorization]

The following table describes the parameters for the LocalSubjectAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

SubjectAccessReviewSpec

Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.

status

SubjectAccessReviewStatus

Status is filled in by the server and indicates whether the request is allowed or not

SubjectAccessReviewStatus [v1/authorization]

The following table describes the parameters for SubjectAccessReviewStatus object:

Field Type Description

allowed

boolean

Allowed is required. True if the action would be allowed, false otherwise.

denied

boolean

Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.

evaluationError

string

EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

reason

string

Reason is optional. It indicates why a request was allowed or denied.

SubjectAccessReviewSpec [v1/authorization]

The following table describes the parameters for SubjectAccessReviewSpec object:

Field Type Description

extra

object

Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.

groups

string array

Groups is the groups you’re testing for.

nonResourceAttributes

NonResourceAttributes

NonResourceAttributes describes information for a non-resource access request

resourceAttributes

ResourceAttributes

ResourceAuthorizationAttributes describes information for a resource access request

uid

string

UID information about the requesting user.

user

string

User is the user you’re testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups

ResourceAttributes [v1/authorization]

The following table describes the parameters for ResourceAttributes object:

Field Type Description

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

NonResourceAttributes [v1/authorization]

The following table describes the parameters for NonResourceAttributes object:

Field Type Description

path

string

Path is the URL path of the request

verb

string

Verb is the standard HTTP verb

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a LocalSubjectAccessReview

HTTP request

post /apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews

Table 1115. HTTP body
Object	Type
`body`	LocalSubjectAccessReview

Table 1116. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1117. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1118. HTTP responses
Code	Type
200 - OK	LocalSubjectAccessReview
201 - Created	LocalSubjectAccessReview
202 - Accepted	LocalSubjectAccessReview

SelfSubjectAccessReview v1 authorization

Definitions

SelfSubjectAccessReview [v1/authorization]

The following table describes the parameters for the SelfSubjectAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

SelfSubjectAccessReviewSpec

Spec holds information about the request being evaluated. user and groups must be empty

status

SubjectAccessReviewStatus

Status is filled in by the server and indicates whether the request is allowed or not

SelfSubjectAccessReviewSpec [v1/authorization]

The following table describes the parameters for SelfSubjectAccessReviewSpec object:

Field Type Description

nonResourceAttributes

NonResourceAttributes

NonResourceAttributes describes information for a non-resource access request

resourceAttributes

ResourceAttributes

ResourceAuthorizationAttributes describes information for a resource access request

SubjectAccessReviewStatus [v1/authorization]

The following table describes the parameters for SubjectAccessReviewStatus object:

Field Type Description

allowed

boolean

Allowed is required. True if the action would be allowed, false otherwise.

denied

boolean

Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.

evaluationError

string

EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

reason

string

Reason is optional. It indicates why a request was allowed or denied.

ResourceAttributes [v1/authorization]

The following table describes the parameters for ResourceAttributes object:

Field Type Description

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

NonResourceAttributes [v1/authorization]

The following table describes the parameters for NonResourceAttributes object:

Field Type Description

path

string

Path is the URL path of the request

verb

string

Verb is the standard HTTP verb

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a SelfSubjectAccessReview

HTTP request

post /apis/authorization.k8s.io/v1/selfsubjectaccessreviews

Table 1119. HTTP body
Object	Type
`body`	SelfSubjectAccessReview

Table 1120. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1121. HTTP responses
Code	Type
200 - OK	SelfSubjectAccessReview
201 - Created	SelfSubjectAccessReview
202 - Accepted	SelfSubjectAccessReview

SelfSubjectRulesReview v1 authorization

Definitions

SelfSubjectRulesReview [v1/authorization]

The following table describes the parameters for the SelfSubjectRulesReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

SelfSubjectRulesReviewSpec

Spec holds information about the request being evaluated.

status

SubjectRulesReviewStatus

Status is filled in by the server and indicates the set of actions a user can perform.

SelfSubjectRulesReviewSpec [v1/authorization]

The following table describes the parameters for SelfSubjectRulesReviewSpec object:

Field Type Description

namespace

string

Namespace to evaluate rules for. Required.

SubjectRulesReviewStatus [v1/authorization]

The following table describes the parameters for SubjectRulesReviewStatus object:

Field Type Description

evaluationError

string

EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn’t support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.

incomplete

boolean

Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn’t support rules evaluation.

nonResourceRules

NonResourceRule array

NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn’t significant, may contain duplicates, and possibly be incomplete.

resourceRules

ResourceRule array

ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn’t significant, may contain duplicates, and possibly be incomplete.

ResourceRule [v1/authorization]

The following table describes the parameters for ResourceRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. "*" means all.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. "*" means all.

resources

string array

Resources is a list of resources this rule applies to. "" means all in the specified apiGroups. "/foo" represents the subresource 'foo' for all resources in the specified apiGroups.

verbs

string array

Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. "*" means all.

NonResourceRule [v1/authorization]

The following table describes the parameters for NonResourceRule object:

Field Type Description

nonResourceURLs

string array

NonResourceURLs is a set of partial urls that a user should have access to. s are allowed, but only as the full, final step in the path. "" means all.

verbs

string array

Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. "*" means all.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a SelfSubjectRulesReview

HTTP request

post /apis/authorization.k8s.io/v1/selfsubjectrulesreviews

Table 1122. HTTP body
Object	Type
`body`	SelfSubjectRulesReview

Table 1123. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1124. HTTP responses
Code	Type
200 - OK	SelfSubjectRulesReview
201 - Created	SelfSubjectRulesReview
202 - Accepted	SelfSubjectRulesReview

SubjectAccessReview v1 authorization

Definitions

SubjectAccessReview [v1/authorization]

The following table describes the parameters for the SubjectAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

SubjectAccessReviewSpec

Spec holds information about the request being evaluated

status

SubjectAccessReviewStatus

Status is filled in by the server and indicates whether the request is allowed or not

SubjectAccessReviewSpec [v1/authorization]

The following table describes the parameters for SubjectAccessReviewSpec object:

Field Type Description

extra

object

Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.

groups

string array

Groups is the groups you’re testing for.

nonResourceAttributes

NonResourceAttributes

NonResourceAttributes describes information for a non-resource access request

resourceAttributes

ResourceAttributes

ResourceAuthorizationAttributes describes information for a resource access request

uid

string

UID information about the requesting user.

user

string

User is the user you’re testing for. If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups

SubjectAccessReviewStatus [v1/authorization]

The following table describes the parameters for SubjectAccessReviewStatus object:

Field Type Description

allowed

boolean

Allowed is required. True if the action would be allowed, false otherwise.

denied

boolean

Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.

evaluationError

string

EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.

reason

string

Reason is optional. It indicates why a request was allowed or denied.

ResourceAttributes [v1/authorization]

The following table describes the parameters for ResourceAttributes object:

Field Type Description

group

string

Group is the API Group of the Resource. "*" means all.

name

string

Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces "" (empty) is defaulted for LocalSubjectAccessReviews "" (empty) is empty for cluster-scoped resources "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview

resource

string

Resource is one of the existing resource types. "*" means all.

subresource

string

Subresource is one of the existing resource types. "" means none.

verb

string

Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. "*" means all.

version

string

Version is the API Version of the Resource. "*" means all.

NonResourceAttributes [v1/authorization]

The following table describes the parameters for NonResourceAttributes object:

Field Type Description

path

string

Path is the URL path of the request

verb

string

Verb is the standard HTTP verb

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a SubjectAccessReview

HTTP request

post /apis/authorization.k8s.io/v1/subjectaccessreviews

Table 1125. HTTP body
Object	Type
`body`	SubjectAccessReview

Table 1126. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1127. HTTP responses
Code	Type
200 - OK	SubjectAccessReview
201 - Created	SubjectAccessReview
202 - Accepted	SubjectAccessReview

ClusterRole v1 authorization.openshift.io

Appears in

ClusterRoleList [authorization.openshift.io/v1]

Definitions

ClusterRole [v1/authorization.openshift.io]

The following table describes the parameters for the ClusterRole object:

Field Type Description

aggregationRule

AggregationRule

AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

rules

PolicyRule array

Rules holds all the PolicyRules for this ClusterRole

ClusterRoleList [v1/authorization.openshift.io]

The following table describes the parameters for ClusterRoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterRole array

Items is a list of ClusterRoles

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

PolicyRule [v1/authorization.openshift.io]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed

attributeRestrictions

AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.

nonResourceURLs

string array

NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

AggregationRule [v1/rbac]

The following table describes the parameters for AggregationRule object:

Field Type Description

clusterRoleSelectors

LabelSelector array

ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole’s permissions will be added

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Operations

ClusterRoleBinding v1 authorization.openshift.io

Appears in

ClusterRoleBindingList [authorization.openshift.io/v1]

Definitions

ClusterRoleBinding [v1/authorization.openshift.io]

The following table describes the parameters for the ClusterRoleBinding object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

groupNames

string array

GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

roleRef

ObjectReference

RoleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.

subjects

ObjectReference array

Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.

userNames

string array

UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.

ClusterRoleBindingList [v1/authorization.openshift.io]

The following table describes the parameters for ClusterRoleBindingList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterRoleBinding array

Items is a list of ClusterRoleBindings

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

LocalResourceAccessReview v1 authorization.openshift.io

Definitions

LocalResourceAccessReview [v1/authorization.openshift.io]

The following table describes the parameters for the LocalResourceAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

content

Content is the actual content of the request for create and update

isNonResourceURL

boolean

IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hieraarchy)

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces

path

string

Path is the path of a non resource URL

resource

string

Resource is one of the existing resource types

resourceAPIGroup

string

Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined

resourceAPIVersion

string

Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined

resourceName

string

ResourceName is the name of the resource being requested for a "get" or deleted for a "delete"

verb

string

Verb is one of: get, list, watch, create, update, delete

Operations

LocalSubjectAccessReview v1 authorization.openshift.io

Definitions

LocalSubjectAccessReview [v1/authorization.openshift.io]

The following table describes the parameters for the LocalSubjectAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

content

Content is the actual content of the request for create and update

groups

string array

Groups is optional. Groups is the list of groups to which the User belongs.

isNonResourceURL

boolean

IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hieraarchy)

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces

path

string

Path is the path of a non resource URL

resource

string

Resource is one of the existing resource types

resourceAPIGroup

string

Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined

resourceAPIVersion

string

Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined

resourceName

string

ResourceName is the name of the resource being requested for a "get" or deleted for a "delete"

scopes

string array

Scopes to use for the evaluation. Empty means "use the unscoped (full) permissions of the user/groups". Nil for a self-SAR, means "use the scopes on this request". Nil for a regular SAR, means the same as empty.

user

string

User is optional. If both User and Groups are empty, the current authenticated user is used.

verb

string

Verb is one of: get, list, watch, create, update, delete

Operations

Write Operations

Create

create a LocalSubjectAccessReview

HTTP request

post /apis/authorization.k8s.io/v1/namespaces/{namespace}/localsubjectaccessreviews

Table 1128. HTTP body
Object	Type
`body`	LocalSubjectAccessReview

Table 1129. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1130. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1131. HTTP responses
Code	Type
200 - OK	LocalSubjectAccessReview
201 - Created	LocalSubjectAccessReview
202 - Accepted	LocalSubjectAccessReview

ResourceAccessReview v1 authorization.openshift.io

Definitions

ResourceAccessReview [v1/authorization.openshift.io]

The following table describes the parameters for the ResourceAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

content

Content is the actual content of the request for create and update

isNonResourceURL

boolean

IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hieraarchy)

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces

path

string

Path is the path of a non resource URL

resource

string

Resource is one of the existing resource types

resourceAPIGroup

string

Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined

resourceAPIVersion

string

Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined

resourceName

string

ResourceName is the name of the resource being requested for a "get" or deleted for a "delete"

verb

string

Verb is one of: get, list, watch, create, update, delete

Operations

Role v1 authorization.openshift.io

Appears in

RoleList [authorization.openshift.io/v1]

Definitions

Role [v1/authorization.openshift.io]

The following table describes the parameters for the Role object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

rules

PolicyRule array

Rules holds all the PolicyRules for this Role

RoleList [v1/authorization.openshift.io]

The following table describes the parameters for RoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Role array

Items is a list of Roles

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

PolicyRule [v1/authorization.openshift.io]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed

attributeRestrictions

AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.

nonResourceURLs

string array

NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

RoleBinding v1 authorization.openshift.io

Appears in

RoleBindingList [authorization.openshift.io/v1]

Definitions

RoleBinding [v1/authorization.openshift.io]

The following table describes the parameters for the RoleBinding object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

groupNames

string array

GroupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

roleRef

ObjectReference

RoleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.

subjects

ObjectReference array

Subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.

userNames

string array

UserNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.

RoleBindingList [v1/authorization.openshift.io]

The following table describes the parameters for RoleBindingList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

RoleBinding array

Items is a list of RoleBindings

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

RoleBindingRestriction v1 authorization.openshift.io

Appears in

RoleBindingRestrictionList [authorization.openshift.io/v1]

Definitions

RoleBindingRestriction [v1/authorization.openshift.io]

The following table describes the parameters for the RoleBindingRestriction object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

Spec defines the matcher.

RoleBindingRestrictionSpec [v1/authorization.openshift.io]

The following table describes the parameters for RoleBindingRestrictionSpec object:

Field Type Description

grouprestriction

GroupRestriction

GroupRestriction matches against group subjects.

serviceaccountrestriction

ServiceAccountRestriction

ServiceAccountRestriction matches against service-account subjects.

userrestriction

UserRestriction

UserRestriction matches against user subjects.

RoleBindingRestrictionList [v1/authorization.openshift.io]

The following table describes the parameters for RoleBindingRestrictionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

RoleBindingRestriction array

List of rolebindingrestrictions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

SelfSubjectRulesReview v1 authorization.openshift.io

Definitions

SelfSubjectRulesReview [v1/authorization.openshift.io]

The following table describes the parameters for the SelfSubjectRulesReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

spec

SelfSubjectRulesReviewSpec

Spec adds information about how to conduct the check

status

SubjectRulesReviewStatus

Status is completed by the server to tell which permissions you have

SelfSubjectRulesReviewSpec [v1/authorization.openshift.io]

The following table describes the parameters for SelfSubjectRulesReviewSpec object:

Field Type Description

scopes

string array

Scopes to use for the evaluation. Empty means "use the unscoped (full) permissions of the user/groups". Nil means "use the scopes on this request".

SubjectRulesReviewStatus [v1/authorization.openshift.io]

The following table describes the parameters for SubjectRulesReviewStatus object:

Field Type Description

evaluationError

string

EvaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.

rules

PolicyRule array

Rules is the list of rules (no particular sort) that are allowed for the subject

PolicyRule [v1/authorization.openshift.io]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed

attributeRestrictions

AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.

nonResourceURLs

string array

NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

Operations

Write Operations

Create

create a SelfSubjectRulesReview

HTTP request

post /apis/authorization.k8s.io/v1/selfsubjectrulesreviews

Table 1132. HTTP body
Object	Type
`body`	SelfSubjectRulesReview

Table 1133. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1134. HTTP responses
Code	Type
200 - OK	SelfSubjectRulesReview
201 - Created	SelfSubjectRulesReview
202 - Accepted	SelfSubjectRulesReview

SubjectAccessReview v1 authorization.openshift.io

Definitions

SubjectAccessReview [v1/authorization.openshift.io]

The following table describes the parameters for the SubjectAccessReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

content

Content is the actual content of the request for create and update

groups

string array

GroupsSlice is optional. Groups is the list of groups to which the User belongs.

isNonResourceURL

boolean

IsNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hieraarchy)

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

namespace

string

Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces

path

string

Path is the path of a non resource URL

resource

string

Resource is one of the existing resource types

resourceAPIGroup

string

Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined

resourceAPIVersion

string

Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined

resourceName

string

ResourceName is the name of the resource being requested for a "get" or deleted for a "delete"

scopes

string array

Scopes to use for the evaluation. Empty means "use the unscoped (full) permissions of the user/groups". Nil for a self-SAR, means "use the scopes on this request". Nil for a regular SAR, means the same as empty.

user

string

User is optional. If both User and Groups are empty, the current authenticated user is used.

verb

string

Verb is one of: get, list, watch, create, update, delete

Operations

Write Operations

Create

create a SubjectAccessReview

HTTP request

post /apis/authorization.k8s.io/v1/subjectaccessreviews

Table 1135. HTTP body
Object	Type
`body`	SubjectAccessReview

Table 1136. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1137. HTTP responses
Code	Type
200 - OK	SubjectAccessReview
201 - Created	SubjectAccessReview
202 - Accepted	SubjectAccessReview

SubjectRulesReview v1 authorization.openshift.io

Definitions

SubjectRulesReview [v1/authorization.openshift.io]

The following table describes the parameters for the SubjectRulesReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

spec

SubjectRulesReviewSpec

Spec adds information about how to conduct the check

status

SubjectRulesReviewStatus

Status is completed by the server to tell which permissions you have

SubjectRulesReviewSpec [v1/authorization.openshift.io]

The following table describes the parameters for SubjectRulesReviewSpec object:

Field Type Description

groups

string array

Groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.

scopes

string array

Scopes to use for the evaluation. Empty means "use the unscoped (full) permissions of the user/groups".

user

string

User is optional. At least one of User and Groups must be specified.

SubjectRulesReviewStatus [v1/authorization.openshift.io]

The following table describes the parameters for SubjectRulesReviewStatus object:

Field Type Description

evaluationError

string

EvaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.

rules

PolicyRule array

Rules is the list of rules (no particular sort) that are allowed for the subject

PolicyRule [v1/authorization.openshift.io]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed

attributeRestrictions

AttributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.

nonResourceURLs

string array

NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

Operations

HorizontalPodAutoscaler v1 autoscaling

Appears in

HorizontalPodAutoscalerList [autoscaling/v1]

Definitions

HorizontalPodAutoscaler [v1/autoscaling]

The following table describes the parameters for the HorizontalPodAutoscaler object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

HorizontalPodAutoscalerSpec

behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.

status

HorizontalPodAutoscalerStatus

current information about the autoscaler.

HorizontalPodAutoscalerSpec [v1/autoscaling]

The following table describes the parameters for HorizontalPodAutoscalerSpec object:

Field Type Description

maxReplicas

integer

upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.

minReplicas

integer

minReplicas is the lower limit for the number of replicas to which the autoscaler can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the alpha feature gate HPAScaleToZero is enabled and at least one Object or External metric is configured. Scaling is active as long as at least one metric value is available.

scaleTargetRef

CrossVersionObjectReference

reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption and will set the desired number of pods by using its Scale subresource.

targetCPUUtilizationPercentage

integer

target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used.

HorizontalPodAutoscalerStatus [v1/autoscaling]

The following table describes the parameters for HorizontalPodAutoscalerStatus object:

Field Type Description

currentCPUUtilizationPercentage

integer

current average CPU utilization over all pods, represented as a percentage of requested CPU, e.g. 70 means that an average pod is using now 70% of its requested CPU.

currentReplicas

integer

current number of replicas of pods managed by this autoscaler.

desiredReplicas

integer

desired number of replicas of pods managed by this autoscaler.

lastScaleTime

Time

last time the HorizontalPodAutoscaler scaled the number of pods; used by the autoscaler to control how often the number of pods is changed.

observedGeneration

integer

most recent generation observed by this autoscaler.

HorizontalPodAutoscalerList [v1/autoscaling]

The following table describes the parameters for HorizontalPodAutoscalerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

HorizontalPodAutoscaler array

list of horizontal pod autoscaler objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

CrossVersionObjectReference [v1/autoscaling]

The following table describes the parameters for CrossVersionObjectReference object:

Field Type Description

apiVersion

string

API version of the referent

kind

string

Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"

name

string

Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a HorizontalPodAutoscaler

HTTP request

post /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers

Table 1138. HTTP body
Object	Type
`body`	HorizontalPodAutoscaler

Table 1139. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1140. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1141. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler
201 - Created	HorizontalPodAutoscaler
202 - Accepted	HorizontalPodAutoscaler

Patch

partially update the specified HorizontalPodAutoscaler

HTTP request

patch /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}

Table 1142. HTTP body
Object	Type
`body`	Patch

Table 1143. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1144. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1145. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler

Replace

replace the specified HorizontalPodAutoscaler

HTTP request

put /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}

Table 1146. HTTP body
Object	Type
`body`	HorizontalPodAutoscaler

Table 1147. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1148. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1149. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler
201 - Created	HorizontalPodAutoscaler

Delete

delete a HorizontalPodAutoscaler

HTTP request

delete /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}

Table 1150. HTTP body
Object	Type
`body`	DeleteOptions

Table 1151. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1152. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1153. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of HorizontalPodAutoscaler

HTTP request

delete /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers

Table 1154. HTTP body
Object	Type
`body`	DeleteOptions

Table 1155. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1156. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1157. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified HorizontalPodAutoscaler

HTTP request

get /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}

Table 1158. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1159. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1160. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler

List

list or watch objects of kind HorizontalPodAutoscaler

HTTP request

get /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers

Table 1161. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1162. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1163. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscalerList

List All Namespaces

list or watch objects of kind HorizontalPodAutoscaler

HTTP request

get /apis/autoscaling/v1/horizontalpodautoscalers

Table 1164. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1165. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscalerList

Watch

watch changes to an object of kind HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/autoscaling/v1/watch/namespaces/{namespace}/horizontalpodautoscalers/{name}

Table 1166. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1167. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1168. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/autoscaling/v1/watch/namespaces/{namespace}/horizontalpodautoscalers

Table 1169. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1170. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1171. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of HorizontalPodAutoscaler. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/autoscaling/v1/watch/horizontalpodautoscalers

Table 1172. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1173. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified HorizontalPodAutoscaler

HTTP request

patch /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}/status

Table 1174. HTTP body
Object	Type
`body`	Patch

Table 1175. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1176. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1177. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler

Read Status

read status of the specified HorizontalPodAutoscaler

HTTP request

get /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}/status

Table 1178. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1179. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1180. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler

Replace Status

replace status of the specified HorizontalPodAutoscaler

HTTP request

put /apis/autoscaling/v1/namespaces/{namespace}/horizontalpodautoscalers/{name}/status

Table 1181. HTTP body
Object	Type
`body`	HorizontalPodAutoscaler

Table 1182. Path parameters
Parameter	Description
`name`	name of the HorizontalPodAutoscaler
`namespace`	object name and auth scope, such as for teams and projects

Table 1183. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1184. HTTP responses
Code	Type
200 - OK	HorizontalPodAutoscaler
201 - Created	HorizontalPodAutoscaler

ClusterAutoscaler v1 autoscaling.openshift.io

Appears in

ClusterAutoscalerList [autoscaling.openshift.io/v1]

Definitions

ClusterAutoscaler [v1/autoscaling.openshift.io]

The following table describes the parameters for the ClusterAutoscaler object:

Field

Type

Description

ClusterAutoscalerList [v1/autoscaling.openshift.io]

The following table describes the parameters for ClusterAutoscalerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterAutoscaler array

List of clusterautoscalers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MachineAutoscaler v1beta1 autoscaling.openshift.io

Appears in

MachineAutoscalerList [autoscaling.openshift.io/v1beta1]

Definitions

MachineAutoscaler [v1beta1/autoscaling.openshift.io]

The following table describes the parameters for the MachineAutoscaler object:

Field

Type

Description

MachineAutoscalerList [v1beta1/autoscaling.openshift.io]

The following table describes the parameters for MachineAutoscalerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MachineAutoscaler array

List of machineautoscalers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

CronJob v1beta1 batch

Appears in

CronJobList [batch/v1beta1]

Definitions

CronJob [v1beta1/batch]

The following table describes the parameters for the CronJob object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

CronJobSpec

Specification of the desired behavior of a cron job, including the schedule. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

CronJobStatus

Current status of a cron job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

CronJobSpec [v1beta1/batch]

The following table describes the parameters for CronJobSpec object:

Field Type Description

concurrencyPolicy

string

Specifies how to treat concurrent executions of a Job. Valid values are: - "Allow" (default): allows CronJobs to run concurrently; - "Forbid": forbids concurrent runs, skipping next run if previous run hasn’t finished yet; - "Replace": cancels currently running job and replaces it with a new one

failedJobsHistoryLimit

integer

The number of failed finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.

jobTemplate

JobTemplateSpec

Specifies the job that will be created when executing a CronJob.

schedule

string

The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.

startingDeadlineSeconds

integer

Optional deadline in seconds for starting the job if it misses scheduled time for any reason. Missed jobs executions will be counted as failed ones.

successfulJobsHistoryLimit

integer

The number of successful finished jobs to retain. This is a pointer to distinguish between explicit zero and not specified. Defaults to 3.

suspend

boolean

This flag tells the controller to suspend subsequent executions, it does not apply to already started executions. Defaults to false.

CronJobStatus [v1beta1/batch]

The following table describes the parameters for CronJobStatus object:

Field Type Description

active

ObjectReference array

A list of pointers to currently running jobs.

lastScheduleTime

Time

Information when was the last time the job was successfully scheduled.

CronJobList [v1beta1/batch]

The following table describes the parameters for CronJobList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CronJob array

items is the list of CronJobs.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

JobTemplateSpec [v1beta1/batch]

The following table describes the parameters for JobTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata of the jobs created from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

JobSpec

Specification of the desired behavior of the job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

JobSpec [v1/batch]

The following table describes the parameters for JobSpec object:

Field Type Description

activeDeadlineSeconds

integer

Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer

backoffLimit

integer

Specifies the number of retries before marking this job failed. Defaults to 6

completions

integer

Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

manualSelector

boolean

manualSelector controls generation of pod labels and pod selectors. Leave manualSelector unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see manualSelector=true in jobs that were created with the old extensions/v1beta1 API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector

parallelism

integer

Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

selector

LabelSelector

A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

ttlSecondsAfterFinished

integer

ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won’t be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a CronJob

HTTP request

post /apis/batch/v1beta1/namespaces/{namespace}/cronjobs

Table 1185. HTTP body
Object	Type
`body`	CronJob

Table 1186. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1187. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1188. HTTP responses
Code	Type
200 - OK	CronJob
201 - Created	CronJob
202 - Accepted	CronJob

Patch

partially update the specified CronJob

HTTP request

patch /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}

Table 1189. HTTP body
Object	Type
`body`	Patch

Table 1190. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1191. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1192. HTTP responses
Code	Type
200 - OK	CronJob

Replace

replace the specified CronJob

HTTP request

put /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}

Table 1193. HTTP body
Object	Type
`body`	CronJob

Table 1194. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1195. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1196. HTTP responses
Code	Type
200 - OK	CronJob
201 - Created	CronJob

Delete

delete a CronJob

HTTP request

delete /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}

Table 1197. HTTP body
Object	Type
`body`	DeleteOptions

Table 1198. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1199. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1200. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of CronJob

HTTP request

delete /apis/batch/v1beta1/namespaces/{namespace}/cronjobs

Table 1201. HTTP body
Object	Type
`body`	DeleteOptions

Table 1202. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1203. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1204. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified CronJob

HTTP request

get /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}

Table 1205. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1206. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1207. HTTP responses
Code	Type
200 - OK	CronJob

List

list or watch objects of kind CronJob

HTTP request

get /apis/batch/v1beta1/namespaces/{namespace}/cronjobs

Table 1208. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1209. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1210. HTTP responses
Code	Type
200 - OK	CronJobList

List All Namespaces

list or watch objects of kind CronJob

HTTP request

get /apis/batch/v1beta1/cronjobs

Table 1211. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1212. HTTP responses
Code	Type
200 - OK	CronJobList

Watch

watch changes to an object of kind CronJob. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs/{name}

Table 1213. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1214. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1215. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/batch/v1beta1/watch/namespaces/{namespace}/cronjobs

Table 1216. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1217. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1218. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of CronJob. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/batch/v1beta1/watch/cronjobs

Table 1219. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1220. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified CronJob

HTTP request

patch /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}/status

Table 1221. HTTP body
Object	Type
`body`	Patch

Table 1222. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1223. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1224. HTTP responses
Code	Type
200 - OK	CronJob

Read Status

read status of the specified CronJob

HTTP request

get /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}/status

Table 1225. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1226. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1227. HTTP responses
Code	Type
200 - OK	CronJob

Replace Status

replace status of the specified CronJob

HTTP request

put /apis/batch/v1beta1/namespaces/{namespace}/cronjobs/{name}/status

Table 1228. HTTP body
Object	Type
`body`	CronJob

Table 1229. Path parameters
Parameter	Description
`name`	name of the CronJob
`namespace`	object name and auth scope, such as for teams and projects

Table 1230. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1231. HTTP responses
Code	Type
200 - OK	CronJob
201 - Created	CronJob

Job v1 batch

Appears in

JobList [batch/v1]

Definitions

Job [v1/batch]

The following table describes the parameters for the Job object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

JobSpec

Specification of the desired behavior of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

JobStatus

Current status of a job. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

JobSpec [v1/batch]

The following table describes the parameters for JobSpec object:

Field Type Description

activeDeadlineSeconds

integer

Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer

backoffLimit

integer

Specifies the number of retries before marking this job failed. Defaults to 6

completions

integer

Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

manualSelector

boolean

manualSelector controls generation of pod labels and pod selectors. Leave manualSelector unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see manualSelector=true in jobs that were created with the old extensions/v1beta1 API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector

parallelism

integer

Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

selector

LabelSelector

A label query over pods that should match the pod count. Normally, the system sets this field for you. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

Describes the pod that will be created when executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

ttlSecondsAfterFinished

integer

ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won’t be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature.

JobStatus [v1/batch]

The following table describes the parameters for JobStatus object:

Field Type Description

active

integer

The number of actively running pods.

completionTime

Time

Represents time when the job was completed. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.

conditions

JobCondition array

The latest available observations of an object’s current state. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/

failed

integer

The number of pods which reached phase Failed.

startTime

Time

Represents time when the job was acknowledged by the job controller. It is not guaranteed to be set in happens-before order across separate operations. It is represented in RFC3339 form and is in UTC.

succeeded

integer

The number of pods which reached phase Succeeded.

JobList [v1/batch]

The following table describes the parameters for JobList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Job array

items is the list of Jobs.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

JobCondition [v1/batch]

The following table describes the parameters for JobCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of job condition, Complete or Failed.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Job

HTTP request

post /apis/batch/v1/namespaces/{namespace}/jobs

Table 1232. HTTP body
Object	Type
`body`	Job

Table 1233. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1234. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1235. HTTP responses
Code	Type
200 - OK	Job
201 - Created	Job
202 - Accepted	Job

Patch

partially update the specified Job

HTTP request

patch /apis/batch/v1/namespaces/{namespace}/jobs/{name}

Table 1236. HTTP body
Object	Type
`body`	Patch

Table 1237. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1238. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1239. HTTP responses
Code	Type
200 - OK	Job

Replace

replace the specified Job

HTTP request

put /apis/batch/v1/namespaces/{namespace}/jobs/{name}

Table 1240. HTTP body
Object	Type
`body`	Job

Table 1241. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1242. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1243. HTTP responses
Code	Type
200 - OK	Job
201 - Created	Job

Delete

delete a Job

HTTP request

delete /apis/batch/v1/namespaces/{namespace}/jobs/{name}

Table 1244. HTTP body
Object	Type
`body`	DeleteOptions

Table 1245. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1246. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1247. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Job

HTTP request

delete /apis/batch/v1/namespaces/{namespace}/jobs

Table 1248. HTTP body
Object	Type
`body`	DeleteOptions

Table 1249. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1250. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1251. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Job

HTTP request

get /apis/batch/v1/namespaces/{namespace}/jobs/{name}

Table 1252. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1253. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1254. HTTP responses
Code	Type
200 - OK	Job

List

list or watch objects of kind Job

HTTP request

get /apis/batch/v1/namespaces/{namespace}/jobs

Table 1255. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1256. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1257. HTTP responses
Code	Type
200 - OK	JobList

List All Namespaces

list or watch objects of kind Job

HTTP request

get /apis/batch/v1/jobs

Table 1258. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1259. HTTP responses
Code	Type
200 - OK	JobList

Watch

watch changes to an object of kind Job. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/batch/v1/watch/namespaces/{namespace}/jobs/{name}

Table 1260. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1261. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1262. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/batch/v1/watch/namespaces/{namespace}/jobs

Table 1263. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1264. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1265. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Job. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/batch/v1/watch/jobs

Table 1266. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1267. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Job

HTTP request

patch /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status

Table 1268. HTTP body
Object	Type
`body`	Patch

Table 1269. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1270. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1271. HTTP responses
Code	Type
200 - OK	Job

Read Status

read status of the specified Job

HTTP request

get /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status

Table 1272. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1273. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1274. HTTP responses
Code	Type
200 - OK	Job

Replace Status

replace status of the specified Job

HTTP request

put /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status

Table 1275. HTTP body
Object	Type
`body`	Job

Table 1276. Path parameters
Parameter	Description
`name`	name of the Job
`namespace`	object name and auth scope, such as for teams and projects

Table 1277. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1278. HTTP responses
Code	Type
200 - OK	Job
201 - Created	Job

Build v1 build.openshift.io

Appears in

BuildList [build.openshift.io/v1]

Definitions

Build [v1/build.openshift.io]

The following table describes the parameters for the Build object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

BuildSpec

spec is all the inputs used to execute the build.

status

BuildStatus

status is the current status of the build.

BuildSpec [v1/build.openshift.io]

The following table describes the parameters for BuildSpec object:

Field Type Description

completionDeadlineSeconds

integer

completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer

nodeSelector

object

nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.

output

BuildOutput

output describes the container image the Strategy should produce.

postCommit

BuildPostCommitSpec

postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.

resources

ResourceRequirements

resources computes resource requirements to execute the build.

revision

SourceRevision

revision is the information from the source for a specific repo snapshot. This is optional.

serviceAccount

string

serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount

source

BuildSource

source describes the SCM in use.

strategy

BuildStrategy

strategy defines how to perform a build.

triggeredBy

BuildTriggerCause array

triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.

BuildStatus [v1/build.openshift.io]

The following table describes the parameters for BuildStatus object:

Field Type Description

cancelled

boolean

cancelled describes if a cancel event was triggered for the build.

completionTimestamp

Time

completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.

config

ObjectReference

config is an ObjectReference to the BuildConfig this Build is based on.

duration

integer

duration contains time.Duration object describing build time.

logSnippet

string

logSnippet is the last few lines of the build log. This value is only set for builds that failed.

message

string

message is a human-readable message indicating details about why the build has this status.

output

BuildStatusOutput

output describes the container image the build has produced.

outputDockerImageReference

string

outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.

phase

string

phase is the point in the build lifecycle. Possible values are "New", "Pending", "Running", "Complete", "Failed", "Error", and "Cancelled".

reason

string

reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.

stages

StageInfo array

stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.

startTimestamp

Time

startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.

BuildList [v1/build.openshift.io]

The following table describes the parameters for BuildList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Build array

items is a list of builds

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

BuildStrategy [v1/build.openshift.io]

The following table describes the parameters for BuildStrategy object:

Field Type Description

customStrategy

CustomBuildStrategy

customStrategy holds the parameters to the Custom build strategy

dockerStrategy

DockerBuildStrategy

dockerStrategy holds the parameters to the container image build strategy.

jenkinsPipelineStrategy

JenkinsPipelineBuildStrategy

JenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy.

sourceStrategy

SourceBuildStrategy

sourceStrategy holds the parameters to the Source build strategy.

type

string

type is the kind of build strategy.

StageInfo [v1/build.openshift.io]

The following table describes the parameters for StageInfo object:

Field Type Description

durationMilliseconds

integer

durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.

name

string

name is a unique identifier for each build stage that occurs.

startTime

Time

startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.

steps

StepInfo array

steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.

StepInfo [v1/build.openshift.io]

The following table describes the parameters for StepInfo object:

Field Type Description

durationMilliseconds

integer

durationMilliseconds identifies how long the step took to complete in milliseconds.

name

string

name is a unique identifier for each build step.

startTime

Time

startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

BuildStatusOutput [v1/build.openshift.io]

The following table describes the parameters for BuildStatusOutput object:

Field Type Description

to

BuildStatusOutputTo

to describes the status of the built image being pushed to a registry.

BuildStatusOutputTo [v1/build.openshift.io]

The following table describes the parameters for BuildStatusOutputTo object:

Field Type Description

imageDigest

string

imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.

Please note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn’t understand.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

BuildTriggerCause [v1/build.openshift.io]

The following table describes the parameters for BuildTriggerCause object:

Field Type Description

bitbucketWebHook

BitbucketWebHookCause

BitbucketWebHook represents data for a Bitbucket webhook that fired a specific build.

genericWebHook

GenericWebHookCause

genericWebHook holds data about a builds generic webhook trigger.

githubWebHook

GitHubWebHookCause

gitHubWebHook represents data for a GitHub webhook that fired a specific build.

gitlabWebHook

GitLabWebHookCause

GitLabWebHook represents data for a GitLab webhook that fired a specific build.

imageChangeBuild

ImageChangeCause

imageChangeBuild stores information about an imagechange event that triggered a new build.

message

string

message is used to store a human readable message for why the build was triggered. E.g.: "Manually triggered by user", "Configuration change",etc.

ImageChangeCause [v1/build.openshift.io]

The following table describes the parameters for ImageChangeCause object:

Field Type Description

fromRef

ObjectReference

fromRef contains detailed information about an image that triggered a build.

imageID

string

imageID is the ID of the image that triggered a a new build.

GitLabWebHookCause [v1/build.openshift.io]

The following table describes the parameters for GitLabWebHookCause object:

Field Type Description

revision

SourceRevision

Revision is the git source revision information of the trigger.

secret

string

Secret is the obfuscated webhook secret that triggered a build.

SourceRevision [v1/build.openshift.io]

The following table describes the parameters for SourceRevision object:

Field Type Description

git

GitSourceRevision

Git contains information about git-based build source

type

string

type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'

GitSourceRevision [v1/build.openshift.io]

The following table describes the parameters for GitSourceRevision object:

Field Type Description

author

SourceControlUser

author is the author of a specific commit

commit

string

commit is the commit hash identifying a specific commit

committer

SourceControlUser

committer is the committer of a specific commit

message

string

message is the description of a specific commit

SourceControlUser [v1/build.openshift.io]

The following table describes the parameters for SourceControlUser object:

Field Type Description

email

string

email of the source control user

name

string

name of the source control user

GitHubWebHookCause [v1/build.openshift.io]

The following table describes the parameters for GitHubWebHookCause object:

Field Type Description

revision

SourceRevision

revision is the git revision information of the trigger.

secret

string

secret is the obfuscated webhook secret that triggered a build.

GenericWebHookCause [v1/build.openshift.io]

The following table describes the parameters for GenericWebHookCause object:

Field Type Description

revision

SourceRevision

revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available.

secret

string

secret is the obfuscated webhook secret that triggered a build.

BitbucketWebHookCause [v1/build.openshift.io]

The following table describes the parameters for BitbucketWebHookCause object:

Field Type Description

revision

SourceRevision

Revision is the git source revision information of the trigger.

secret

string

Secret is the obfuscated webhook secret that triggered a build.

SourceBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for SourceBuildStrategy object:

Field Type Description

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

forcePull

boolean

forcePull describes if the builder should pull the images from registry prior to building.

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled

incremental

boolean

incremental flag forces the Source build to do incremental builds if true.

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

scripts

string

scripts is the location of Source scripts

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

JenkinsPipelineBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for JenkinsPipelineBuildStrategy object:

Field Type Description

env

EnvVar array

env contains additional environment variables you want to pass into a build pipeline.

jenkinsfile

string

Jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.

jenkinsfilePath

string

JenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.

DockerBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for DockerBuildStrategy object:

Field Type Description

buildArgs

EnvVar array

buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details.

dockerfilePath

string

dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir).

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

forcePull

boolean

forcePull describes if the builder should pull the images from registry prior to building.

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled the resulting image will be used in the FROM line of the Dockerfile for this build.

imageOptimizationPolicy

string

imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.

noCache

boolean

noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

CustomBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for CustomBuildStrategy object:

Field Type Description

buildAPIVersion

string

buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

exposeDockerSocket

boolean

exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.

forcePull

boolean

forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

secrets

SecretSpec array

secrets is a list of additional secrets that will be included in the build pod

SecretSpec [v1/build.openshift.io]

The following table describes the parameters for SecretSpec object:

Field Type Description

mountPath

string

mountPath is the path at which to mount the secret

secretSource

LocalObjectReference

secretSource is a reference to the secret

BuildSource [v1/build.openshift.io]

The following table describes the parameters for BuildSource object:

Field Type Description

binary

BinaryBuildSource

binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.

configMaps

ConfigMapBuildSource array

configMaps represents a list of configMaps and their destinations that will be used for the build.

contextDir

string

contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.

dockerfile

string

dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.

git

GitBuildSource

git contains optional information about git build source

images

ImageSource array

images describes a set of images to be used to provide source for the build

secrets

SecretBuildSource array

secrets represents a list of secrets and their destinations that will be used only for the build.

sourceSecret

LocalObjectReference

sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data’s key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.

type

string

type of build input to accept

SecretBuildSource [v1/build.openshift.io]

The following table describes the parameters for SecretBuildSource object:

Field Type Description

destinationDir

string

destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.

secret

LocalObjectReference

secret is a reference to an existing secret that you want to use in your build.

ImageSource [v1/build.openshift.io]

The following table describes the parameters for ImageSource object:

Field Type Description

as

string array

A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses "COPY --from=nginx:latest" will first check for an image source that has "nginx:latest" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.

from

ObjectReference

from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.

paths

ImageSourcePath array

paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.

pullSecret

LocalObjectReference

pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.

ImageSourcePath [v1/build.openshift.io]

The following table describes the parameters for ImageSourcePath object:

Field Type Description

destinationDir

string

destinationDir is the relative directory within the build directory where files copied from the image are placed.

sourcePath

string

sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.

GitBuildSource [v1/build.openshift.io]

The following table describes the parameters for GitBuildSource object:

Field Type Description

httpProxy

string

httpProxy is a proxy used to reach the git repository over http

httpsProxy

string

httpsProxy is a proxy used to reach the git repository over https

noProxy

string

noProxy is the list of domains for which the proxy should not be used

ref

string

ref is the branch/tag/ref to build.

uri

string

uri points to the source that will be built. The structure of the source will depend on the type of build to run

ConfigMapBuildSource [v1/build.openshift.io]

The following table describes the parameters for ConfigMapBuildSource object:

Field Type Description

configMap

LocalObjectReference

configMap is a reference to an existing configmap that you want to use in your build.

destinationDir

string

destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.

BinaryBuildSource [v1/build.openshift.io]

The following table describes the parameters for BinaryBuildSource object:

Field Type Description

asFile

string

asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying "webapp.war" would place the provided binary as /webapp.war for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

BuildPostCommitSpec [v1/build.openshift.io]

The following table describes the parameters for BuildPostCommitSpec object:

Field Type Description

args

string array

args is a list of arguments that are provided to either Command, Script or the container image’s default entrypoint. The arguments are placed immediately after the command to be run.

command

string array

command is the command to run. It may not be specified with Script. This might be needed if the image doesn’t have /bin/sh, or if you do not want to use a shell. In all other cases, using Script might be more convenient.

script

string

script is a shell script to be run with /bin/sh -ic. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with rake test. If you need control over the image entrypoint, or if the image does not have /bin/sh, use Command and/or Args. The -i flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make ruby, bundle and other binaries available in the PATH.

BuildOutput [v1/build.openshift.io]

The following table describes the parameters for BuildOutput object:

Field Type Description

imageLabels

ImageLabel array

imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.

pushSecret

LocalObjectReference

PushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).

to

ObjectReference

to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.

ImageLabel [v1/build.openshift.io]

The following table describes the parameters for ImageLabel object:

Field Type Description

name

string

name defines the name of the label. It must have non-zero length.

value

string

value defines the literal value of the label.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

BuildConfig v1 build.openshift.io

Appears in

BuildConfigList [build.openshift.io/v1]

Definitions

BuildConfig [v1/build.openshift.io]

The following table describes the parameters for the BuildConfig object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

BuildConfigSpec

spec holds all the input necessary to produce a new build, and the conditions when to trigger them.

status

BuildConfigStatus

status holds any relevant information about a build config

BuildConfigSpec [v1/build.openshift.io]

The following table describes the parameters for BuildConfigSpec object:

Field Type Description

completionDeadlineSeconds

integer

completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer

failedBuildsHistoryLimit

integer

failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.

nodeSelector

object

nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.

output

BuildOutput

output describes the container image the Strategy should produce.

postCommit

BuildPostCommitSpec

postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.

resources

ResourceRequirements

resources computes resource requirements to execute the build.

revision

SourceRevision

revision is the information from the source for a specific repo snapshot. This is optional.

runPolicy

string

RunPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to "Serial".

serviceAccount

string

serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount

source

BuildSource

source describes the SCM in use.

strategy

BuildStrategy

strategy defines how to perform a build.

successfulBuildsHistoryLimit

integer

successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.

triggers

BuildTriggerPolicy array

triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.

BuildConfigStatus [v1/build.openshift.io]

The following table describes the parameters for BuildConfigStatus object:

Field Type Description

lastVersion

integer

lastVersion is used to inform about number of last triggered build.

BuildConfigList [v1/build.openshift.io]

The following table describes the parameters for BuildConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

BuildConfig array

items is a list of build configs

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

BuildTriggerPolicy [v1/build.openshift.io]

The following table describes the parameters for BuildTriggerPolicy object:

Field Type Description

bitbucket

WebHookTrigger

BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger

generic

WebHookTrigger

generic contains the parameters for a Generic webhook type of trigger

github

WebHookTrigger

github contains the parameters for a GitHub webhook type of trigger

gitlab

WebHookTrigger

GitLabWebHook contains the parameters for a GitLab webhook type of trigger

imageChange

ImageChangeTrigger

imageChange contains parameters for an ImageChange type of trigger

type

string

type is the type of build trigger

ImageChangeTrigger [v1/build.openshift.io]

The following table describes the parameters for ImageChangeTrigger object:

Field Type Description

from

ObjectReference

from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.

lastTriggeredImageID

string

lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build

paused

boolean

paused is true if this trigger is temporarily disabled. Optional.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

WebHookTrigger [v1/build.openshift.io]

The following table describes the parameters for WebHookTrigger object:

Field Type Description

allowEnv

boolean

allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.

secret

string

secret used to validate requests. Deprecated: use SecretReference instead.

secretReference

SecretLocalReference

secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named "WebHookSecretKey", the value of which will be checked against the value supplied in the webhook invocation.

SecretLocalReference [v1/build.openshift.io]

The following table describes the parameters for SecretLocalReference object:

Field Type Description

name

string

Name is the name of the resource in the same namespace being referenced

BuildStrategy [v1/build.openshift.io]

The following table describes the parameters for BuildStrategy object:

Field Type Description

customStrategy

CustomBuildStrategy

customStrategy holds the parameters to the Custom build strategy

dockerStrategy

DockerBuildStrategy

dockerStrategy holds the parameters to the container image build strategy.

jenkinsPipelineStrategy

JenkinsPipelineBuildStrategy

JenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy.

sourceStrategy

SourceBuildStrategy

sourceStrategy holds the parameters to the Source build strategy.

type

string

type is the kind of build strategy.

SourceBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for SourceBuildStrategy object:

Field Type Description

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

forcePull

boolean

forcePull describes if the builder should pull the images from registry prior to building.

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled

incremental

boolean

incremental flag forces the Source build to do incremental builds if true.

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

scripts

string

scripts is the location of Source scripts

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

JenkinsPipelineBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for JenkinsPipelineBuildStrategy object:

Field Type Description

env

EnvVar array

env contains additional environment variables you want to pass into a build pipeline.

jenkinsfile

string

Jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.

jenkinsfilePath

string

JenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.

DockerBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for DockerBuildStrategy object:

Field Type Description

buildArgs

EnvVar array

buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details.

dockerfilePath

string

dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir).

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

forcePull

boolean

forcePull describes if the builder should pull the images from registry prior to building.

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled the resulting image will be used in the FROM line of the Dockerfile for this build.

imageOptimizationPolicy

string

imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.

noCache

boolean

noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

CustomBuildStrategy [v1/build.openshift.io]

The following table describes the parameters for CustomBuildStrategy object:

Field Type Description

buildAPIVersion

string

buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder

env

EnvVar array

env contains additional environment variables you want to pass into a builder container.

exposeDockerSocket

boolean

exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.

forcePull

boolean

forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally

from

ObjectReference

from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled

pullSecret

LocalObjectReference

pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries

secrets

SecretSpec array

secrets is a list of additional secrets that will be included in the build pod

SecretSpec [v1/build.openshift.io]

The following table describes the parameters for SecretSpec object:

Field Type Description

mountPath

string

mountPath is the path at which to mount the secret

secretSource

LocalObjectReference

secretSource is a reference to the secret

BuildSource [v1/build.openshift.io]

The following table describes the parameters for BuildSource object:

Field Type Description

binary

BinaryBuildSource

binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.

configMaps

ConfigMapBuildSource array

configMaps represents a list of configMaps and their destinations that will be used for the build.

contextDir

string

contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.

dockerfile

string

dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.

git

GitBuildSource

git contains optional information about git build source

images

ImageSource array

images describes a set of images to be used to provide source for the build

secrets

SecretBuildSource array

secrets represents a list of secrets and their destinations that will be used only for the build.

sourceSecret

LocalObjectReference

sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data’s key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.

type

string

type of build input to accept

SecretBuildSource [v1/build.openshift.io]

The following table describes the parameters for SecretBuildSource object:

Field Type Description

destinationDir

string

destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.

secret

LocalObjectReference

secret is a reference to an existing secret that you want to use in your build.

ImageSource [v1/build.openshift.io]

The following table describes the parameters for ImageSource object:

Field Type Description

as

string array

A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses "COPY --from=nginx:latest" will first check for an image source that has "nginx:latest" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.

from

ObjectReference

from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.

paths

ImageSourcePath array

paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.

pullSecret

LocalObjectReference

pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.

ImageSourcePath [v1/build.openshift.io]

The following table describes the parameters for ImageSourcePath object:

Field Type Description

destinationDir

string

destinationDir is the relative directory within the build directory where files copied from the image are placed.

sourcePath

string

sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.

GitBuildSource [v1/build.openshift.io]

The following table describes the parameters for GitBuildSource object:

Field Type Description

httpProxy

string

httpProxy is a proxy used to reach the git repository over http

httpsProxy

string

httpsProxy is a proxy used to reach the git repository over https

noProxy

string

noProxy is the list of domains for which the proxy should not be used

ref

string

ref is the branch/tag/ref to build.

uri

string

uri points to the source that will be built. The structure of the source will depend on the type of build to run

ConfigMapBuildSource [v1/build.openshift.io]

The following table describes the parameters for ConfigMapBuildSource object:

Field Type Description

configMap

LocalObjectReference

configMap is a reference to an existing configmap that you want to use in your build.

destinationDir

string

destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.

BinaryBuildSource [v1/build.openshift.io]

The following table describes the parameters for BinaryBuildSource object:

Field Type Description

asFile

string

asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying "webapp.war" would place the provided binary as /webapp.war for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.

SourceRevision [v1/build.openshift.io]

The following table describes the parameters for SourceRevision object:

Field Type Description

git

GitSourceRevision

Git contains information about git-based build source

type

string

type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'

GitSourceRevision [v1/build.openshift.io]

The following table describes the parameters for GitSourceRevision object:

Field Type Description

author

SourceControlUser

author is the author of a specific commit

commit

string

commit is the commit hash identifying a specific commit

committer

SourceControlUser

committer is the committer of a specific commit

message

string

message is the description of a specific commit

SourceControlUser [v1/build.openshift.io]

The following table describes the parameters for SourceControlUser object:

Field Type Description

email

string

email of the source control user

name

string

name of the source control user

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

BuildPostCommitSpec [v1/build.openshift.io]

The following table describes the parameters for BuildPostCommitSpec object:

Field Type Description

args

string array

args is a list of arguments that are provided to either Command, Script or the container image’s default entrypoint. The arguments are placed immediately after the command to be run.

command

string array

command is the command to run. It may not be specified with Script. This might be needed if the image doesn’t have /bin/sh, or if you do not want to use a shell. In all other cases, using Script might be more convenient.

script

string

script is a shell script to be run with /bin/sh -ic. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with rake test. If you need control over the image entrypoint, or if the image does not have /bin/sh, use Command and/or Args. The -i flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make ruby, bundle and other binaries available in the PATH.

BuildOutput [v1/build.openshift.io]

The following table describes the parameters for BuildOutput object:

Field Type Description

imageLabels

ImageLabel array

imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.

pushSecret

LocalObjectReference

PushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).

to

ObjectReference

to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.

ImageLabel [v1/build.openshift.io]

The following table describes the parameters for ImageLabel object:

Field Type Description

name

string

name defines the name of the label. It must have non-zero length.

value

string

value defines the literal value of the label.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

CertificateSigningRequest v1beta1 certificates

Appears in

CertificateSigningRequestList [certificates/v1beta1]

Definitions

CertificateSigningRequest [v1beta1/certificates]

The following table describes the parameters for the CertificateSigningRequest object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

CertificateSigningRequestSpec

The certificate request itself and any additional information.

status

CertificateSigningRequestStatus

Derived information about the request.

CertificateSigningRequestSpec [v1beta1/certificates]

The following table describes the parameters for CertificateSigningRequestSpec object:

Field Type Description

extra

object

Extra information about the requesting user. See user.Info interface for details.

groups

string array

Group information about the requesting user. See user.Info interface for details.

request

string

Base64-encoded PKCS#10 CSR data

uid

string

UID information about the requesting user. See user.Info interface for details.

usages

string array

allowedUsages specifies a set of usage contexts the key will be valid for. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12

username

string

Information about the requesting user. See user.Info interface for details.

CertificateSigningRequestStatus [v1beta1/certificates]

The following table describes the parameters for CertificateSigningRequestStatus object:

Field Type Description

certificate

string

If request was approved, the controller will place the issued certificate here.

conditions

CertificateSigningRequestCondition array

Conditions applied to the request, such as approval or denial.

CertificateSigningRequestList [v1beta1/certificates]

The following table describes the parameters for CertificateSigningRequestList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CertificateSigningRequest array

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

CertificateSigningRequestCondition [v1beta1/certificates]

The following table describes the parameters for CertificateSigningRequestCondition object:

Field Type Description

lastUpdateTime

Time

timestamp for the last update to this condition

message

string

human readable message with details about the request state

reason

string

brief reason for the request state

type

string

request approval state, currently Approved or Denied.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a CertificateSigningRequest

HTTP request

post /apis/certificates.k8s.io/v1beta1/certificatesigningrequests

Table 1279. HTTP body
Object	Type
`body`	CertificateSigningRequest

Table 1280. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1281. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest
201 - Created	CertificateSigningRequest
202 - Accepted	CertificateSigningRequest

Patch

partially update the specified CertificateSigningRequest

HTTP request

patch /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}

Table 1282. HTTP body
Object	Type
`body`	Patch

Table 1283. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1284. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1285. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest

Replace

replace the specified CertificateSigningRequest

HTTP request

put /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}

Table 1286. HTTP body
Object	Type
`body`	CertificateSigningRequest

Table 1287. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1288. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1289. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest
201 - Created	CertificateSigningRequest

Delete

delete a CertificateSigningRequest

HTTP request

delete /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}

Table 1290. HTTP body
Object	Type
`body`	DeleteOptions

Table 1291. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1292. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1293. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of CertificateSigningRequest

HTTP request

delete /apis/certificates.k8s.io/v1beta1/certificatesigningrequests

Table 1294. HTTP body
Object	Type
`body`	DeleteOptions

Table 1295. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1296. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified CertificateSigningRequest

HTTP request

get /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}

Table 1297. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1298. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1299. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest

List

list or watch objects of kind CertificateSigningRequest

HTTP request

get /apis/certificates.k8s.io/v1beta1/certificatesigningrequests

Table 1300. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1301. HTTP responses
Code	Type
200 - OK	CertificateSigningRequestList

Watch

watch changes to an object of kind CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/certificates.k8s.io/v1beta1/watch/certificatesigningrequests/{name}

Table 1302. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1303. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1304. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of CertificateSigningRequest. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/certificates.k8s.io/v1beta1/watch/certificatesigningrequests

Table 1305. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1306. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified CertificateSigningRequest

HTTP request

patch /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}/status

Table 1307. HTTP body
Object	Type
`body`	Patch

Table 1308. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1309. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1310. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest

Read Status

read status of the specified CertificateSigningRequest

HTTP request

get /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}/status

Table 1311. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1312. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1313. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest

Replace Status

replace status of the specified CertificateSigningRequest

HTTP request

put /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/{name}/status

Table 1314. HTTP body
Object	Type
`body`	CertificateSigningRequest

Table 1315. Path parameters
Parameter	Description
`name`	name of the CertificateSigningRequest

Table 1316. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1317. HTTP responses
Code	Type
200 - OK	CertificateSigningRequest
201 - Created	CertificateSigningRequest

CredentialsRequest v1 cloudcredential.openshift.io

Appears in

CredentialsRequestList [cloudcredential.openshift.io/v1]

Definitions

CredentialsRequest [v1/cloudcredential.openshift.io]

The following table describes the parameters for the CredentialsRequest object:

Field

Type

Description

CredentialsRequestList [v1/cloudcredential.openshift.io]

The following table describes the parameters for CredentialsRequestList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CredentialsRequest array

List of credentialsrequests. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

APIServer v1 config.openshift.io

Appears in

APIServerList [config.openshift.io/v1]

Definitions

APIServer [v1/config.openshift.io]

The following table describes the parameters for the APIServer object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

APIServerList [v1/config.openshift.io]

The following table describes the parameters for APIServerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

APIServer array

List of apiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Authentication v1 config.openshift.io

Appears in

AuthenticationList [config.openshift.io/v1]

Definitions

Authentication [v1/config.openshift.io]

The following table describes the parameters for the Authentication object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

AuthenticationList [v1/config.openshift.io]

The following table describes the parameters for AuthenticationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Authentication array

List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Build v1 config.openshift.io

Appears in

BuildList [config.openshift.io/v1]

Definitions

Build [v1/config.openshift.io]

The following table describes the parameters for the Build object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

Spec holds user-settable values for the build controller configuration

BuildList [v1/config.openshift.io]

The following table describes the parameters for BuildList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Build array

List of builds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ClusterOperator v1 config.openshift.io

Appears in

ClusterOperatorList [config.openshift.io/v1]

Definitions

ClusterOperator [v1/config.openshift.io]

The following table describes the parameters for the ClusterOperator object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec hold the intent of how this operator should behave.

status

object

status holds the information about the state of an operator. It is consistent with status information across the kube ecosystem.

ClusterOperatorList [v1/config.openshift.io]

The following table describes the parameters for ClusterOperatorList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterOperator array

List of clusteroperators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ClusterVersion v1 config.openshift.io

Appears in

ClusterVersionList [config.openshift.io/v1]

Definitions

ClusterVersion [v1/config.openshift.io]

The following table describes the parameters for the ClusterVersion object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.

status

object

status contains information about the available updates and any in-progress updates.

ClusterVersionList [v1/config.openshift.io]

The following table describes the parameters for ClusterVersionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterVersion array

List of clusterversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Console v1 config.openshift.io

Appears in

ConsoleList [config.openshift.io/v1]

Definitions

Console [v1/config.openshift.io]

The following table describes the parameters for the Console object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

ConsoleList [v1/config.openshift.io]

The following table describes the parameters for ConsoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Console array

List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

DNS v1 config.openshift.io

Appears in

DNSList [config.openshift.io/v1]

Definitions

DNS [v1/config.openshift.io]

The following table describes the parameters for the DNS object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

DNSList [v1/config.openshift.io]

The following table describes the parameters for DNSList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DNS array

List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

FeatureGate v1 config.openshift.io

Appears in

FeatureGateList [config.openshift.io/v1]

Definitions

FeatureGate [v1/config.openshift.io]

The following table describes the parameters for the FeatureGate object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

FeatureGateList [v1/config.openshift.io]

The following table describes the parameters for FeatureGateList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

FeatureGate array

List of featuregates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Image v1 config.openshift.io

Appears in

ImageList [config.openshift.io/v1]

Definitions

Image [v1/config.openshift.io]

The following table describes the parameters for the Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

ImageList [v1/config.openshift.io]

The following table describes the parameters for ImageList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Image array

List of images. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Infrastructure v1 config.openshift.io

Appears in

InfrastructureList [config.openshift.io/v1]

Definitions

Infrastructure [v1/config.openshift.io]

The following table describes the parameters for the Infrastructure object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

InfrastructureList [v1/config.openshift.io]

The following table describes the parameters for InfrastructureList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Infrastructure array

List of infrastructures. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Ingress v1 config.openshift.io

Appears in

IngressList [config.openshift.io/v1]

Definitions

Ingress [v1/config.openshift.io]

The following table describes the parameters for the Ingress object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

IngressList [v1/config.openshift.io]

The following table describes the parameters for IngressList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Ingress array

List of ingresses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Network v1 config.openshift.io

Appears in

NetworkList [config.openshift.io/v1]

Definitions

Network [v1/config.openshift.io]

The following table describes the parameters for the Network object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.

status

object

status holds observed values from the cluster. They may not be overridden.

NetworkList [v1/config.openshift.io]

The following table describes the parameters for NetworkList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Network array

List of networks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OAuth v1 config.openshift.io

Appears in

OAuthList [config.openshift.io/v1]

Definitions

OAuth [v1/config.openshift.io]

The following table describes the parameters for the OAuth object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

OAuthSpec contains desired cluster auth configuration

status

object

OAuthStatus shows current known state of OAuth server in the cluster

OAuthList [v1/config.openshift.io]

The following table describes the parameters for OAuthList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OAuth array

List of oauths. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OperatorHub v1 config.openshift.io

Appears in

OperatorHubList [config.openshift.io/v1]

Definitions

OperatorHub [v1/config.openshift.io]

The following table describes the parameters for the OperatorHub object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

OperatorHubSpec defines the desired state of OperatorHub

status

object

OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.

OperatorHubList [v1/config.openshift.io]

The following table describes the parameters for OperatorHubList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OperatorHub array

List of operatorhubs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Project v1 config.openshift.io

Appears in

ProjectList [config.openshift.io/v1]

Definitions

Project [v1/config.openshift.io]

The following table describes the parameters for the Project object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

ProjectList [v1/config.openshift.io]

The following table describes the parameters for ProjectList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Project array

List of projects. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Proxy v1 config.openshift.io

Appears in

ProxyList [config.openshift.io/v1]

Definitions

Proxy [v1/config.openshift.io]

The following table describes the parameters for the Proxy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

Spec holds user-settable values for the proxy configuration

status

object

status holds observed values from the cluster. They may not be overridden.

ProxyList [v1/config.openshift.io]

The following table describes the parameters for ProxyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Proxy array

List of proxies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Scheduler v1 config.openshift.io

Appears in

SchedulerList [config.openshift.io/v1]

Definitions

Scheduler [v1/config.openshift.io]

The following table describes the parameters for the Scheduler object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

SchedulerList [v1/config.openshift.io]

The following table describes the parameters for SchedulerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Scheduler array

List of schedulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ConsoleCLIDownload v1 console.openshift.io

Appears in

ConsoleCLIDownloadList [console.openshift.io/v1]

Definitions

ConsoleCLIDownload [v1/console.openshift.io]

The following table describes the parameters for the ConsoleCLIDownload object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleCLIDownloadSpec is the desired cli download configuration.

ConsoleCLIDownloadList [v1/console.openshift.io]

The following table describes the parameters for ConsoleCLIDownloadList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConsoleCLIDownload array

List of consoleclidownloads. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ConsoleExternalLogLink v1 console.openshift.io

Appears in

ConsoleExternalLogLinkList [console.openshift.io/v1]

Definitions

ConsoleExternalLogLink [v1/console.openshift.io]

The following table describes the parameters for the ConsoleExternalLogLink object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.

ConsoleExternalLogLinkList [v1/console.openshift.io]

The following table describes the parameters for ConsoleExternalLogLinkList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConsoleExternalLogLink array

List of consoleexternalloglinks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ConsoleLink v1 console.openshift.io

Appears in

ConsoleLinkList [console.openshift.io/v1]

Definitions

ConsoleLink [v1/console.openshift.io]

The following table describes the parameters for the ConsoleLink object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleLinkSpec is the desired console link configuration.

ConsoleLinkList [v1/console.openshift.io]

The following table describes the parameters for ConsoleLinkList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConsoleLink array

List of consolelinks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ConsoleNotification v1 console.openshift.io

Appears in

ConsoleNotificationList [console.openshift.io/v1]

Definitions

ConsoleNotification [v1/console.openshift.io]

The following table describes the parameters for the ConsoleNotification object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleNotificationSpec is the desired console notification configuration.

ConsoleNotificationList [v1/console.openshift.io]

The following table describes the parameters for ConsoleNotificationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConsoleNotification array

List of consolenotifications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ConsoleYAMLSample v1 console.openshift.io

Appears in

ConsoleYAMLSampleList [console.openshift.io/v1]

Definitions

ConsoleYAMLSample [v1/console.openshift.io]

The following table describes the parameters for the ConsoleYAMLSample object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.

ConsoleYAMLSampleList [v1/console.openshift.io]

The following table describes the parameters for ConsoleYAMLSampleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ConsoleYAMLSample array

List of consoleyamlsamples. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Lease v1 coordination

Appears in

LeaseList [coordination/v1]

Definitions

Lease [v1/coordination]

The following table describes the parameters for the Lease object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

LeaseSpec

Specification of the Lease. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

LeaseSpec [v1/coordination]

The following table describes the parameters for LeaseSpec object:

Field Type Description

acquireTime

MicroTime

acquireTime is a time when the current lease was acquired.

holderIdentity

string

holderIdentity contains the identity of the holder of a current lease.

leaseDurationSeconds

integer

leaseDurationSeconds is a duration that candidates for a lease need to wait to force acquire it. This is measure against time of last observed RenewTime.

leaseTransitions

integer

leaseTransitions is the number of transitions of a lease between holders.

renewTime

MicroTime

renewTime is a time when the current holder of a lease has last updated the lease.

LeaseList [v1/coordination]

The following table describes the parameters for LeaseList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Lease array

Items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

MicroTime [v1/meta]

The following table describes the parameters for MicroTime object:

Field

Type

Description

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Lease

HTTP request

post /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases

Table 1318. HTTP body
Object	Type
`body`	Lease

Table 1319. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1320. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1321. HTTP responses
Code	Type
200 - OK	Lease
201 - Created	Lease
202 - Accepted	Lease

Patch

partially update the specified Lease

HTTP request

patch /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}

Table 1322. HTTP body
Object	Type
`body`	Patch

Table 1323. Path parameters
Parameter	Description
`name`	name of the Lease
`namespace`	object name and auth scope, such as for teams and projects

Table 1324. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1325. HTTP responses
Code	Type
200 - OK	Lease

Replace

replace the specified Lease

HTTP request

put /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}

Table 1326. HTTP body
Object	Type
`body`	Lease

Table 1327. Path parameters
Parameter	Description
`name`	name of the Lease
`namespace`	object name and auth scope, such as for teams and projects

Table 1328. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1329. HTTP responses
Code	Type
200 - OK	Lease
201 - Created	Lease

Delete

delete a Lease

HTTP request

delete /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}

Table 1330. HTTP body
Object	Type
`body`	DeleteOptions

Table 1331. Path parameters
Parameter	Description
`name`	name of the Lease
`namespace`	object name and auth scope, such as for teams and projects

Table 1332. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1333. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Lease

HTTP request

delete /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases

Table 1334. HTTP body
Object	Type
`body`	DeleteOptions

Table 1335. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1336. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1337. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Lease

HTTP request

get /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases/{name}

Table 1338. Path parameters
Parameter	Description
`name`	name of the Lease
`namespace`	object name and auth scope, such as for teams and projects

Table 1339. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1340. HTTP responses
Code	Type
200 - OK	Lease

List

list or watch objects of kind Lease

HTTP request

get /apis/coordination.k8s.io/v1/namespaces/{namespace}/leases

Table 1341. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1342. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1343. HTTP responses
Code	Type
200 - OK	LeaseList

List All Namespaces

list or watch objects of kind Lease

HTTP request

get /apis/coordination.k8s.io/v1/leases

Table 1344. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1345. HTTP responses
Code	Type
200 - OK	LeaseList

Watch

watch changes to an object of kind Lease. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases/{name}

Table 1346. Path parameters
Parameter	Description
`name`	name of the Lease
`namespace`	object name and auth scope, such as for teams and projects

Table 1347. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1348. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/coordination.k8s.io/v1/watch/namespaces/{namespace}/leases

Table 1349. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1350. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1351. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Lease. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/coordination.k8s.io/v1/watch/leases

Table 1352. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1353. HTTP responses
Code	Type
200 - OK	WatchEvent

Event v1beta1 events

Appears in

EventList [events/v1beta1]

Definitions

Event [v1beta1/events]

The following table describes the parameters for the Event object:

Field Type Description

action

string

What action was taken/failed regarding to the regarding object.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

deprecatedCount

integer

Deprecated field assuring backward compatibility with core.v1 Event type

deprecatedFirstTimestamp

Time

Deprecated field assuring backward compatibility with core.v1 Event type

deprecatedLastTimestamp

Time

Deprecated field assuring backward compatibility with core.v1 Event type

deprecatedSource

EventSource

Deprecated field assuring backward compatibility with core.v1 Event type

eventTime

MicroTime

Required. Time when this Event was first observed.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

note

string

Optional. A human-readable description of the status of this operation. Maximal length of the note is 1kB, but libraries should be prepared to handle values up to 64kB.

reason

string

Why the action was taken.

regarding

ObjectReference

The object this Event is about. In most cases it’s an Object reporting controller implements. E.g. ReplicaSetController implements ReplicaSets and this event is emitted because it acts on some changes in a ReplicaSet object.

related

ObjectReference

Optional secondary object for more complex actions. E.g. when regarding object triggers a creation or deletion of related object.

reportingController

string

Name of the controller that emitted this Event, e.g. kubernetes.io/kubelet.

reportingInstance

string

ID of the controller instance, e.g. kubelet-xyzf.

series

EventSeries

Data about the Event series this event represents or nil if it’s a singleton Event.

type

string

Type of this event (Normal, Warning), new types could be added in the future.

EventList [v1beta1/events]

The following table describes the parameters for EventList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Event array

Items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

EventSeries [v1beta1/events]

The following table describes the parameters for EventSeries object:

Field Type Description

count

integer

Number of occurrences in this series up to the last heartbeat time

lastObservedTime

MicroTime

Time when last Event from the series was seen before last heartbeat.

state

string

Information whether this series is ongoing or finished. Deprecated. Planned removal for 1.18

MicroTime [v1/meta]

The following table describes the parameters for MicroTime object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

EventSource [v1/core]

The following table describes the parameters for EventSource object:

Field Type Description

component

string

Component from which the event is generated.

host

string

Node name on which the event is generated.

Operations

Write Operations

Create

create an Event

HTTP request

post /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events

Table 1354. HTTP body
Object	Type
`body`	Event

Table 1355. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1356. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1357. HTTP responses
Code	Type
200 - OK	Event
201 - Created	Event
202 - Accepted	Event

Patch

partially update the specified Event

HTTP request

patch /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events/{name}

Table 1358. HTTP body
Object	Type
`body`	Patch

Table 1359. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 1360. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1361. HTTP responses
Code	Type
200 - OK	Event

Replace

replace the specified Event

HTTP request

put /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events/{name}

Table 1362. HTTP body
Object	Type
`body`	Event

Table 1363. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 1364. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1365. HTTP responses
Code	Type
200 - OK	Event
201 - Created	Event

Delete

delete an Event

HTTP request

delete /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events/{name}

Table 1366. HTTP body
Object	Type
`body`	DeleteOptions

Table 1367. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 1368. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1369. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Event

HTTP request

delete /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events

Table 1370. HTTP body
Object	Type
`body`	DeleteOptions

Table 1371. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1372. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1373. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Event

HTTP request

get /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events/{name}

Table 1374. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 1375. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1376. HTTP responses
Code	Type
200 - OK	Event

List

list or watch objects of kind Event

HTTP request

get /apis/events.k8s.io/v1beta1/namespaces/{namespace}/events

Table 1377. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1378. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1379. HTTP responses
Code	Type
200 - OK	EventList

List All Namespaces

list or watch objects of kind Event

HTTP request

get /apis/events.k8s.io/v1beta1/events

Table 1380. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1381. HTTP responses
Code	Type
200 - OK	EventList

Watch

watch changes to an object of kind Event. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/events.k8s.io/v1beta1/watch/namespaces/{namespace}/events/{name}

Table 1382. Path parameters
Parameter	Description
`name`	name of the Event
`namespace`	object name and auth scope, such as for teams and projects

Table 1383. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1384. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/events.k8s.io/v1beta1/watch/namespaces/{namespace}/events

Table 1385. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1386. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1387. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Event. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/events.k8s.io/v1beta1/watch/events

Table 1388. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1389. HTTP responses
Code	Type
200 - OK	WatchEvent

DaemonSet v1beta1 extensions

Appears in

DaemonSetList [extensions/v1beta1]

Definitions

DaemonSet [v1beta1/extensions]

The following table describes the parameters for the DaemonSet object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

DaemonSetSpec

The desired behavior of this daemon set. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

DaemonSetStatus

The current status of this daemon set. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

DaemonSetSpec [v1beta1/extensions]

The following table describes the parameters for DaemonSetSpec object:

Field Type Description

minReadySeconds

integer

The minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready).

revisionHistoryLimit

integer

The number of old history to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10.

selector

LabelSelector

A label query over pods that are managed by the daemon set. Must match in order to be controlled. If empty, defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template’s node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

templateGeneration

integer

DEPRECATED. A sequence number representing a specific generation of the template. Populated by the system. It can be set only during the creation.

updateStrategy

DaemonSetUpdateStrategy

An update strategy to replace existing DaemonSet pods with new pods.

DaemonSetStatus [v1beta1/extensions]

The following table describes the parameters for DaemonSetStatus object:

Field Type Description

collisionCount

integer

Count of hash collisions for the DaemonSet. The DaemonSet controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ControllerRevision.

conditions

DaemonSetCondition array

Represents the latest available observations of a DaemonSet’s current state.

currentNumberScheduled

integer

The number of nodes that are running at least 1 daemon pod and are supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

desiredNumberScheduled

integer

The total number of nodes that should be running the daemon pod (including nodes correctly running the daemon pod). More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

numberAvailable

integer

The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and available (ready for at least spec.minReadySeconds)

numberMisscheduled

integer

The number of nodes that are running the daemon pod, but are not supposed to run the daemon pod. More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

numberReady

integer

The number of nodes that should be running the daemon pod and have one or more of the daemon pod running and ready.

numberUnavailable

integer

The number of nodes that should be running the daemon pod and have none of the daemon pod running and available (ready for at least spec.minReadySeconds)

observedGeneration

integer

The most recent generation observed by the daemon set controller.

updatedNumberScheduled

integer

The total number of nodes that are running updated daemon pod

DaemonSetList [v1beta1/extensions]

The following table describes the parameters for DaemonSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DaemonSet array

A list of daemon sets.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

RollingUpdateDaemonSet [v1beta1/extensions]

The following table describes the parameters for RollingUpdateDaemonSet object:

Field Type Description

maxUnavailable

The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0. Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.

DaemonSetCondition [v1beta1/extensions]

The following table describes the parameters for DaemonSetCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of DaemonSet condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

DaemonSetUpdateStrategy [v1beta1/extensions]

The following table describes the parameters for DaemonSetUpdateStrategy object:

Field Type Description

rollingUpdate

RollingUpdateDaemonSet

Rolling update config params. Present only if type = "RollingUpdate".

type

string

Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is OnDelete.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a DaemonSet

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets

Table 1390. HTTP body
Object	Type
`body`	DaemonSet

Table 1391. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1392. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1393. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet
202 - Accepted	DaemonSet

Patch

partially update the specified DaemonSet

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}

Table 1394. HTTP body
Object	Type
`body`	Patch

Table 1395. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1396. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1397. HTTP responses
Code	Type
200 - OK	DaemonSet

Replace

replace the specified DaemonSet

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}

Table 1398. HTTP body
Object	Type
`body`	DaemonSet

Table 1399. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1400. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1401. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet

Delete

delete a DaemonSet

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}

Table 1402. HTTP body
Object	Type
`body`	DeleteOptions

Table 1403. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1404. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1405. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of DaemonSet

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets

Table 1406. HTTP body
Object	Type
`body`	DeleteOptions

Table 1407. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1408. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1409. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified DaemonSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}

Table 1410. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1411. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1412. HTTP responses
Code	Type
200 - OK	DaemonSet

List

list or watch objects of kind DaemonSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets

Table 1413. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1414. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1415. HTTP responses
Code	Type
200 - OK	DaemonSetList

List All Namespaces

list or watch objects of kind DaemonSet

HTTP request

get /apis/extensions/v1beta1/daemonsets

Table 1416. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1417. HTTP responses
Code	Type
200 - OK	DaemonSetList

Watch

watch changes to an object of kind DaemonSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/daemonsets/{name}

Table 1418. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1419. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1420. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/daemonsets

Table 1421. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1422. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1423. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of DaemonSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/daemonsets

Table 1424. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1425. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified DaemonSet

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}/status

Table 1426. HTTP body
Object	Type
`body`	Patch

Table 1427. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1428. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1429. HTTP responses
Code	Type
200 - OK	DaemonSet

Read Status

read status of the specified DaemonSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}/status

Table 1430. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1431. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1432. HTTP responses
Code	Type
200 - OK	DaemonSet

Replace Status

replace status of the specified DaemonSet

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/daemonsets/{name}/status

Table 1433. HTTP body
Object	Type
`body`	DaemonSet

Table 1434. Path parameters
Parameter	Description
`name`	name of the DaemonSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1435. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1436. HTTP responses
Code	Type
200 - OK	DaemonSet
201 - Created	DaemonSet

Deployment v1beta1 extensions

Appears in

DeploymentList [extensions/v1beta1]

Definitions

Deployment [v1beta1/extensions]

The following table describes the parameters for the Deployment object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata.

spec

DeploymentSpec

Specification of the desired behavior of the Deployment.

status

DeploymentStatus

Most recently observed status of the Deployment.

DeploymentSpec [v1beta1/extensions]

The following table describes the parameters for DeploymentSpec object:

Field Type Description

minReadySeconds

integer

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

paused

boolean

Indicates that the deployment is paused and will not be processed by the deployment controller.

progressDeadlineSeconds

integer

The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. This is set to the max value of int32 (i.e. 2147483647) by default, which means "no deadline".

replicas

integer

Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1.

revisionHistoryLimit

integer

The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. This is set to the max value of int32 (i.e. 2147483647) by default, which means "retaining all old RelicaSets".

rollbackTo

RollbackConfig

DEPRECATED. The config this deployment is rolling back to. Will be cleared after rollback is done.

selector

LabelSelector

Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment.

strategy

DeploymentStrategy

The deployment strategy to use to replace existing pods with new ones.

template

PodTemplateSpec

Template describes the pods that will be created.

DeploymentStatus [v1beta1/extensions]

The following table describes the parameters for DeploymentStatus object:

Field Type Description

availableReplicas

integer

Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.

collisionCount

integer

Count of hash collisions for the Deployment. The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet.

conditions

DeploymentCondition array

Represents the latest available observations of a deployment’s current state.

observedGeneration

integer

The generation observed by the deployment controller.

readyReplicas

integer

Total number of ready pods targeted by this deployment.

replicas

integer

Total number of non-terminated pods targeted by this deployment (their labels match the selector).

unavailableReplicas

integer

Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created.

updatedReplicas

integer

Total number of non-terminated pods targeted by this deployment that have the desired template spec.

DeploymentList [v1beta1/extensions]

The following table describes the parameters for DeploymentList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Deployment array

Items is the list of Deployments.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata.

DeploymentStrategy [v1beta1/extensions]

The following table describes the parameters for DeploymentStrategy object:

Field Type Description

rollingUpdate

RollingUpdateDeployment

Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate.

type

string

Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.

DeploymentRollback [v1beta1/extensions]

The following table describes the parameters for DeploymentRollback object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Required: This must match the Name of a deployment.

rollbackTo

RollbackConfig

The config of this deployment rollback.

updatedAnnotations

object

The annotations to be updated to a deployment

RollingUpdateDeployment [v1beta1/extensions]

The following table describes the parameters for RollingUpdateDeployment object:

Field Type Description

maxSurge

The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. By default, a value of 1 is used. Example: when this is set to 30%, the new RC can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.

maxUnavailable

The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. By default, a fixed value of 1 is used. Example: when this is set to 30%, the old RC can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.

DeploymentCondition [v1beta1/extensions]

The following table describes the parameters for DeploymentCondition object:

Field Type Description

lastTransitionTime

Time

Last time the condition transitioned from one status to another.

lastUpdateTime

Time

The last time this condition was updated.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of deployment condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

RollbackConfig [v1beta1/extensions]

The following table describes the parameters for RollbackConfig object:

Field Type Description

revision

integer

The revision to rollback to. If set to 0, rollback to the last revision.

Operations

Write Operations

Create

create a Deployment

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/deployments

Table 1437. HTTP body
Object	Type
`body`	Deployment

Table 1438. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1439. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1440. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment
202 - Accepted	Deployment

Patch

partially update the specified Deployment

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}

Table 1441. HTTP body
Object	Type
`body`	Patch

Table 1442. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1443. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1444. HTTP responses
Code	Type
200 - OK	Deployment

Replace

replace the specified Deployment

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}

Table 1445. HTTP body
Object	Type
`body`	Deployment

Table 1446. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1447. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1448. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment

Delete

delete a Deployment

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}

Table 1449. HTTP body
Object	Type
`body`	DeleteOptions

Table 1450. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1451. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1452. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Deployment

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/deployments

Table 1453. HTTP body
Object	Type
`body`	DeleteOptions

Table 1454. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1455. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1456. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Deployment

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}

Table 1457. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1458. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1459. HTTP responses
Code	Type
200 - OK	Deployment

List

list or watch objects of kind Deployment

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/deployments

Table 1460. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1461. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1462. HTTP responses
Code	Type
200 - OK	DeploymentList

List All Namespaces

list or watch objects of kind Deployment

HTTP request

get /apis/extensions/v1beta1/deployments

Table 1463. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1464. HTTP responses
Code	Type
200 - OK	DeploymentList

Watch

watch changes to an object of kind Deployment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/deployments/{name}

Table 1465. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1466. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1467. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Deployment. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/deployments

Table 1468. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1469. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1470. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Deployment. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/deployments

Table 1471. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1472. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Deployment

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/status

Table 1473. HTTP body
Object	Type
`body`	Patch

Table 1474. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1475. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1476. HTTP responses
Code	Type
200 - OK	Deployment

Read Status

read status of the specified Deployment

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/status

Table 1477. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1478. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1479. HTTP responses
Code	Type
200 - OK	Deployment

Replace Status

replace status of the specified Deployment

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/status

Table 1480. HTTP body
Object	Type
`body`	Deployment

Table 1481. Path parameters
Parameter	Description
`name`	name of the Deployment
`namespace`	object name and auth scope, such as for teams and projects

Table 1482. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1483. HTTP responses
Code	Type
200 - OK	Deployment
201 - Created	Deployment

Misc Operations

Read Scale

read scale of the specified Deployment

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/scale

Table 1484. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1485. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1486. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified Deployment

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/scale

Table 1487. HTTP body
Object	Type
`body`	Scale

Table 1488. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1489. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1490. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified Deployment

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/scale

Table 1491. HTTP body
Object	Type
`body`	Patch

Table 1492. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1493. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1494. HTTP responses
Code	Type
200 - OK	Scale

Rollback

create rollback of a Deployment

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/deployments/{name}/rollback

Table 1495. HTTP body
Object	Type
`body`	DeploymentRollback

Table 1496. Path parameters
Parameter	Description
`name`	name of the DeploymentRollback
`namespace`	object name and auth scope, such as for teams and projects

Table 1497. Query parameters
Parameter	Description
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.
`pretty`	If 'true', then the output is pretty printed.

Table 1498. HTTP responses
Code	Type
200 - OK	Status
201 - Created	Status
202 - Accepted	Status

Ingress v1beta1 extensions

Appears in

IngressList [extensions/v1beta1]

Definitions

Ingress [v1beta1/extensions]

The following table describes the parameters for the Ingress object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

IngressSpec

Spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

IngressStatus

Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

IngressSpec [v1beta1/extensions]

The following table describes the parameters for IngressSpec object:

Field Type Description

backend

IngressBackend

A default backend capable of servicing requests that don’t match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default.

rules

IngressRule array

A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.

tls

IngressTLS array

TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.

IngressStatus [v1beta1/extensions]

The following table describes the parameters for IngressStatus object:

Field Type Description

loadBalancer

LoadBalancerStatus

LoadBalancer contains the current status of the load-balancer.

IngressList [v1beta1/extensions]

The following table describes the parameters for IngressList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Ingress array

Items is the list of Ingress.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

LoadBalancerStatus [v1/core]

The following table describes the parameters for LoadBalancerStatus object:

Field Type Description

ingress

LoadBalancerIngress array

Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.

LoadBalancerIngress [v1/core]

The following table describes the parameters for LoadBalancerIngress object:

Field Type Description

hostname

string

Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)

ip

string

IP is set for load-balancer ingress points that are IP based (typically GCE or RHOSP load-balancers)

IngressTLS [v1beta1/extensions]

The following table describes the parameters for IngressTLS object:

Field Type Description

hosts

string array

Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.

secretName

string

SecretName is the name of the secret used to terminate SSL traffic on 443. Field is left optional to allow SSL routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.

IngressRule [v1beta1/extensions]

The following table describes the parameters for IngressRule object:

Field Type Description

host

string

Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.

http

HTTPIngressRuleValue

HTTPIngressRuleValue [v1beta1/extensions]

The following table describes the parameters for HTTPIngressRuleValue object:

Field Type Description

paths

HTTPIngressPath array

A collection of paths that map requests to backends.

HTTPIngressPath [v1beta1/extensions]

The following table describes the parameters for HTTPIngressPath object:

Field Type Description

backend

IngressBackend

Backend defines the referenced service endpoint to which the traffic will be forwarded to.

path

string

Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.

IngressBackend [v1beta1/extensions]

The following table describes the parameters for IngressBackend object:

Field Type Description

serviceName

string

Specifies the name of the referenced service.

servicePort

Specifies the port of the referenced service.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create an Ingress

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Table 1499. HTTP body
Object	Type
`body`	Ingress

Table 1500. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1501. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1502. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress
202 - Accepted	Ingress

Patch

partially update the specified Ingress

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1503. HTTP body
Object	Type
`body`	Patch

Table 1504. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1505. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1506. HTTP responses
Code	Type
200 - OK	Ingress

Replace

replace the specified Ingress

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1507. HTTP body
Object	Type
`body`	Ingress

Table 1508. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1509. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1510. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress

Delete

delete an Ingress

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1511. HTTP body
Object	Type
`body`	DeleteOptions

Table 1512. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1513. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1514. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Ingress

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Table 1515. HTTP body
Object	Type
`body`	DeleteOptions

Table 1516. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1517. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1518. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Ingress

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1519. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1520. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1521. HTTP responses
Code	Type
200 - OK	Ingress

List

list or watch objects of kind Ingress

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/ingresses

Table 1522. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1523. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1524. HTTP responses
Code	Type
200 - OK	IngressList

List All Namespaces

list or watch objects of kind Ingress

HTTP request

get /apis/extensions/v1beta1/ingresses

Table 1525. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1526. HTTP responses
Code	Type
200 - OK	IngressList

Watch

watch changes to an object of kind Ingress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/ingresses/{name}

Table 1527. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1528. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1529. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/ingresses

Table 1530. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1531. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1532. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/ingresses

Table 1533. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1534. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Ingress

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1535. HTTP body
Object	Type
`body`	Patch

Table 1536. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1537. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1538. HTTP responses
Code	Type
200 - OK	Ingress

Read Status

read status of the specified Ingress

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1539. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1540. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1541. HTTP responses
Code	Type
200 - OK	Ingress

Replace Status

replace status of the specified Ingress

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1542. HTTP body
Object	Type
`body`	Ingress

Table 1543. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1544. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1545. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress

NetworkPolicy v1beta1 extensions

Appears in

NetworkPolicyList [extensions/v1beta1]

Definitions

NetworkPolicy [v1beta1/extensions]

The following table describes the parameters for the NetworkPolicy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

NetworkPolicySpec

Specification of the desired behavior for this NetworkPolicy.

NetworkPolicySpec [v1beta1/extensions]

The following table describes the parameters for NetworkPolicySpec object:

Field Type Description

egress

NetworkPolicyEgressRule array

List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8

ingress

NetworkPolicyIngressRule array

List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default).

podSelector

LabelSelector

Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.

policyTypes

string array

List of rule types that the NetworkPolicy relates to. Valid options are "Ingress", "Egress", or "Ingress,Egress". If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8

NetworkPolicyList [v1beta1/extensions]

The following table describes the parameters for NetworkPolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

NetworkPolicy array

Items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

NetworkPolicyIngressRule [v1beta1/extensions]

The following table describes the parameters for NetworkPolicyIngressRule object:

Field Type Description

from

NetworkPolicyPeer array

List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.

ports

NetworkPolicyPort array

List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.

NetworkPolicyPort [v1beta1/extensions]

The following table describes the parameters for NetworkPolicyPort object:

Field Type Description

port

If specified, the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.

protocol

string

Optional. The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

NetworkPolicyPeer [v1beta1/extensions]

The following table describes the parameters for NetworkPolicyPeer object:

Field Type Description

ipBlock

IPBlock

IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.

namespaceSelector

LabelSelector

Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.

If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.

podSelector

LabelSelector

This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.

If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy’s own Namespace.

IPBlock [v1beta1/extensions]

The following table describes the parameters for IPBlock object:

Field Type Description

cidr

string

CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"

except

string array

Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range

NetworkPolicyEgressRule [v1beta1/extensions]

The following table describes the parameters for NetworkPolicyEgressRule object:

Field Type Description

ports

NetworkPolicyPort array

List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.

to

NetworkPolicyPeer array

List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a NetworkPolicy

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies

Table 1546. HTTP body
Object	Type
`body`	NetworkPolicy

Table 1547. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1548. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1549. HTTP responses
Code	Type
200 - OK	NetworkPolicy
201 - Created	NetworkPolicy
202 - Accepted	NetworkPolicy

Patch

partially update the specified NetworkPolicy

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies/{name}

Table 1550. HTTP body
Object	Type
`body`	Patch

Table 1551. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1552. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1553. HTTP responses
Code	Type
200 - OK	NetworkPolicy

Replace

replace the specified NetworkPolicy

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies/{name}

Table 1554. HTTP body
Object	Type
`body`	NetworkPolicy

Table 1555. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1556. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1557. HTTP responses
Code	Type
200 - OK	NetworkPolicy
201 - Created	NetworkPolicy

Delete

delete a NetworkPolicy

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies/{name}

Table 1558. HTTP body
Object	Type
`body`	DeleteOptions

Table 1559. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1560. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1561. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of NetworkPolicy

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies

Table 1562. HTTP body
Object	Type
`body`	DeleteOptions

Table 1563. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1564. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1565. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified NetworkPolicy

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies/{name}

Table 1566. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1567. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1568. HTTP responses
Code	Type
200 - OK	NetworkPolicy

List

list or watch objects of kind NetworkPolicy

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/networkpolicies

Table 1569. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1570. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1571. HTTP responses
Code	Type
200 - OK	NetworkPolicyList

List All Namespaces

list or watch objects of kind NetworkPolicy

HTTP request

get /apis/extensions/v1beta1/networkpolicies

Table 1572. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1573. HTTP responses
Code	Type
200 - OK	NetworkPolicyList

Watch

watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/networkpolicies/{name}

Table 1574. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1575. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1576. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/networkpolicies

Table 1577. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1578. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1579. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/networkpolicies

Table 1580. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1581. HTTP responses
Code	Type
200 - OK	WatchEvent

PodSecurityPolicy v1beta1 extensions

Appears in

PodSecurityPolicyList [extensions/v1beta1]

Definitions

PodSecurityPolicy [v1beta1/extensions]

The following table describes the parameters for the PodSecurityPolicy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSecurityPolicySpec

spec defines the policy enforced.

PodSecurityPolicySpec [v1beta1/extensions]

The following table describes the parameters for PodSecurityPolicySpec object:

Field Type Description

allowPrivilegeEscalation

boolean

allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.

allowedCSIDrivers

AllowedCSIDriver array

AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes.

allowedCapabilities

string array

allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.

allowedFlexVolumes

AllowedFlexVolume array

allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.

allowedHostPaths

AllowedHostPath array

allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.

allowedProcMountTypes

string array

AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.

allowedUnsafeSysctls

string array

allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.

Examples: e.g. "foo/" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.

defaultAddCapabilities

string array

defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.

defaultAllowPrivilegeEscalation

boolean

defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.

forbiddenSysctls

string array

forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.

Examples: e.g. "foo/" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.

fsGroup

FSGroupStrategyOptions

fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.

hostIPC

boolean

hostIPC determines if the policy allows the use of HostIPC in the pod spec.

hostNetwork

boolean

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

hostPID

boolean

hostPID determines if the policy allows the use of HostPID in the pod spec.

hostPorts

HostPortRange array

hostPorts determines which host port ranges are allowed to be exposed.

privileged

boolean

privileged determines if a pod can request to be run as privileged.

readOnlyRootFilesystem

boolean

readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.

requiredDropCapabilities

string array

requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.

runAsGroup

RunAsGroupStrategyOptions

RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.

runAsUser

RunAsUserStrategyOptions

runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.

runtimeClass

RuntimeClassStrategyOptions

runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod’s runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.

seLinux

SELinuxStrategyOptions

seLinux is the strategy that will dictate the allowable labels that may be set.

supplementalGroups

SupplementalGroupsStrategyOptions

supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.

volumes

string array

volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.

PodSecurityPolicyList [v1beta1/extensions]

The following table describes the parameters for PodSecurityPolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PodSecurityPolicy array

items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

SupplementalGroupsStrategyOptions [v1beta1/extensions]

The following table describes the parameters for SupplementalGroupsStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

IDRange [v1beta1/extensions]

The following table describes the parameters for IDRange object:

Field Type Description

max

integer

max is the end of the range, inclusive.

min

integer

min is the start of the range, inclusive.

SELinuxStrategyOptions [v1beta1/extensions]

The following table describes the parameters for SELinuxStrategyOptions object:

Field Type Description

rule

string

rule is the strategy that will dictate the allowable labels that may be set.

seLinuxOptions

SELinuxOptions

seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

RuntimeClassStrategyOptions [v1beta1/extensions]

The following table describes the parameters for RuntimeClassStrategyOptions object:

Field Type Description

allowedRuntimeClassNames

string array

allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.

defaultRuntimeClassName

string

defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

RunAsUserStrategyOptions [v1beta1/extensions]

The following table describes the parameters for RunAsUserStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate the allowable RunAsUser values that may be set.

RunAsGroupStrategyOptions [v1beta1/extensions]

The following table describes the parameters for RunAsGroupStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate the allowable RunAsGroup values that may be set.

HostPortRange [v1beta1/extensions]

The following table describes the parameters for HostPortRange object:

Field Type Description

max

integer

max is the end of the range, inclusive.

min

integer

min is the start of the range, inclusive.

FSGroupStrategyOptions [v1beta1/extensions]

The following table describes the parameters for FSGroupStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

AllowedHostPath [v1beta1/extensions]

The following table describes the parameters for AllowedHostPath object:

Field Type Description

pathPrefix

string

pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.

Examples: /foo would allow /foo, /foo/ and /foo/bar /foo would not allow /food or /etc/foo

readOnly

boolean

when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

AllowedFlexVolume [v1beta1/extensions]

The following table describes the parameters for AllowedFlexVolume object:

Field Type Description

driver

string

driver is the name of the Flexvolume driver.

AllowedCSIDriver [v1beta1/extensions]

The following table describes the parameters for AllowedCSIDriver object:

Field Type Description

name

string

Name is the registered name of the CSI driver

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PodSecurityPolicy

HTTP request

post /apis/extensions/v1beta1/podsecuritypolicies

Table 1582. HTTP body
Object	Type
`body`	PodSecurityPolicy

Table 1583. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1584. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy
201 - Created	PodSecurityPolicy
202 - Accepted	PodSecurityPolicy

Patch

partially update the specified PodSecurityPolicy

HTTP request

patch /apis/extensions/v1beta1/podsecuritypolicies/{name}

Table 1585. HTTP body
Object	Type
`body`	Patch

Table 1586. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1587. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1588. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy

Replace

replace the specified PodSecurityPolicy

HTTP request

put /apis/extensions/v1beta1/podsecuritypolicies/{name}

Table 1589. HTTP body
Object	Type
`body`	PodSecurityPolicy

Table 1590. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1591. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1592. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy
201 - Created	PodSecurityPolicy

Delete

delete a PodSecurityPolicy

HTTP request

delete /apis/extensions/v1beta1/podsecuritypolicies/{name}

Table 1593. HTTP body
Object	Type
`body`	DeleteOptions

Table 1594. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1595. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1596. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PodSecurityPolicy

HTTP request

delete /apis/extensions/v1beta1/podsecuritypolicies

Table 1597. HTTP body
Object	Type
`body`	DeleteOptions

Table 1598. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1599. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PodSecurityPolicy

HTTP request

get /apis/extensions/v1beta1/podsecuritypolicies/{name}

Table 1600. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1601. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1602. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy

List

list or watch objects of kind PodSecurityPolicy

HTTP request

get /apis/extensions/v1beta1/podsecuritypolicies

Table 1603. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1604. HTTP responses
Code	Type
200 - OK	PodSecurityPolicyList

Watch

watch changes to an object of kind PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/podsecuritypolicies/{name}

Table 1605. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1606. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1607. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/podsecuritypolicies

Table 1608. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1609. HTTP responses
Code	Type
200 - OK	WatchEvent

ReplicaSet v1beta1 extensions

Appears in

ReplicaSetList [extensions/v1beta1]

Definitions

ReplicaSet [v1beta1/extensions]

The following table describes the parameters for the ReplicaSet object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

If the Labels of a ReplicaSet are empty, they are defaulted to be the same as the Pod(s) that the ReplicaSet manages. Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

ReplicaSetSpec

Spec defines the specification of the desired behavior of the ReplicaSet. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

ReplicaSetStatus

Status is the most recently observed status of the ReplicaSet. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ReplicaSetSpec [v1beta1/extensions]

The following table describes the parameters for ReplicaSetSpec object:

Field Type Description

minReadySeconds

integer

Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)

replicas

integer

Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller

selector

LabelSelector

Selector is a label query over pods that should match the replica count. If the selector is empty, it is defaulted to the labels present on the pod template. Label keys and values that must match in order to be controlled by this replica set. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors

template

PodTemplateSpec

Template is the object that describes the pod that will be created if insufficient replicas are detected. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template

ReplicaSetStatus [v1beta1/extensions]

The following table describes the parameters for ReplicaSetStatus object:

Field Type Description

availableReplicas

integer

The number of available replicas (ready for at least minReadySeconds) for this replica set.

conditions

ReplicaSetCondition array

Represents the latest available observations of a replica set’s current state.

fullyLabeledReplicas

integer

The number of pods that have labels matching the labels of the pod template of the replicaset.

observedGeneration

integer

ObservedGeneration reflects the generation of the most recently observed ReplicaSet.

readyReplicas

integer

The number of ready replicas for this replica set.

replicas

integer

Replicas is the most recently oberved number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller

ReplicaSetList [v1beta1/extensions]

The following table describes the parameters for ReplicaSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ReplicaSet array

List of ReplicaSets. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

ReplicaSetCondition [v1beta1/extensions]

The following table describes the parameters for ReplicaSetCondition object:

Field Type Description

lastTransitionTime

Time

The last time the condition transitioned from one status to another.

message

string

A human readable message indicating details about the transition.

reason

string

The reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of replica set condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ReplicaSet

HTTP request

post /apis/extensions/v1beta1/namespaces/{namespace}/replicasets

Table 1610. HTTP body
Object	Type
`body`	ReplicaSet

Table 1611. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1612. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1613. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet
202 - Accepted	ReplicaSet

Patch

partially update the specified ReplicaSet

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}

Table 1614. HTTP body
Object	Type
`body`	Patch

Table 1615. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1616. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1617. HTTP responses
Code	Type
200 - OK	ReplicaSet

Replace

replace the specified ReplicaSet

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}

Table 1618. HTTP body
Object	Type
`body`	ReplicaSet

Table 1619. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1620. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1621. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet

Delete

delete a ReplicaSet

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}

Table 1622. HTTP body
Object	Type
`body`	DeleteOptions

Table 1623. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1624. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1625. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ReplicaSet

HTTP request

delete /apis/extensions/v1beta1/namespaces/{namespace}/replicasets

Table 1626. HTTP body
Object	Type
`body`	DeleteOptions

Table 1627. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1628. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1629. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ReplicaSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}

Table 1630. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1631. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1632. HTTP responses
Code	Type
200 - OK	ReplicaSet

List

list or watch objects of kind ReplicaSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/replicasets

Table 1633. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1634. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1635. HTTP responses
Code	Type
200 - OK	ReplicaSetList

List All Namespaces

list or watch objects of kind ReplicaSet

HTTP request

get /apis/extensions/v1beta1/replicasets

Table 1636. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1637. HTTP responses
Code	Type
200 - OK	ReplicaSetList

Watch

watch changes to an object of kind ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/replicasets/{name}

Table 1638. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1639. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1640. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/namespaces/{namespace}/replicasets

Table 1641. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1642. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1643. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of ReplicaSet. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/extensions/v1beta1/watch/replicasets

Table 1644. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1645. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified ReplicaSet

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/status

Table 1646. HTTP body
Object	Type
`body`	Patch

Table 1647. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1648. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1649. HTTP responses
Code	Type
200 - OK	ReplicaSet

Read Status

read status of the specified ReplicaSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/status

Table 1650. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1651. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1652. HTTP responses
Code	Type
200 - OK	ReplicaSet

Replace Status

replace status of the specified ReplicaSet

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/status

Table 1653. HTTP body
Object	Type
`body`	ReplicaSet

Table 1654. Path parameters
Parameter	Description
`name`	name of the ReplicaSet
`namespace`	object name and auth scope, such as for teams and projects

Table 1655. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1656. HTTP responses
Code	Type
200 - OK	ReplicaSet
201 - Created	ReplicaSet

Misc Operations

Read Scale

read scale of the specified ReplicaSet

HTTP request

get /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/scale

Table 1657. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1658. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1659. HTTP responses
Code	Type
200 - OK	Scale

Replace Scale

replace scale of the specified ReplicaSet

HTTP request

put /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/scale

Table 1660. HTTP body
Object	Type
`body`	Scale

Table 1661. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1662. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1663. HTTP responses
Code	Type
200 - OK	Scale
201 - Created	Scale

Patch Scale

partially update scale of the specified ReplicaSet

HTTP request

patch /apis/extensions/v1beta1/namespaces/{namespace}/replicasets/{name}/scale

Table 1664. HTTP body
Object	Type
`body`	Patch

Table 1665. Path parameters
Parameter	Description
`name`	name of the Scale
`namespace`	object name and auth scope, such as for teams and projects

Table 1666. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1667. HTTP responses
Code	Type
200 - OK	Scale

Image v1 image.openshift.io

Appears in

ImageImportStatus [image.openshift.io/v1]
ImageList [image.openshift.io/v1]
ImageStreamImage [image.openshift.io/v1]
ImageStreamMapping [image.openshift.io/v1]
ImageStreamTag [image.openshift.io/v1]

Definitions

Image [v1/image.openshift.io]

The following table describes the parameters for the Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

dockerImageConfig

string

DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.

dockerImageLayers

ImageLayer array

DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.

dockerImageManifest

string

DockerImageManifest is the raw JSON of the manifest

dockerImageManifestMediaType

string

DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.

dockerImageMetadata

DockerImageMetadata contains metadata about this image

dockerImageMetadataVersion

string

DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0"

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image.

dockerImageSignatures

string array

DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signatures

ImageSignature array

Signatures holds all signatures of the image.

ImageList [v1/image.openshift.io]

The following table describes the parameters for ImageList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Image array

Items is a list of images

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

ImageLayer [v1/image.openshift.io]

The following table describes the parameters for ImageLayer object:

Field Type Description

mediaType

string

MediaType of the referenced object.

name

string

Name of the layer as defined by the underlying store.

size

integer

Size of the layer in bytes as defined by the underlying store.

Operations

ImageSignature v1 image.openshift.io

Appears in

Image [image.openshift.io/v1]

Definitions

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for the ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

Operations

ImageStream v1 image.openshift.io

Appears in

ImageStreamImportStatus [image.openshift.io/v1]
ImageStreamList [image.openshift.io/v1]

Definitions

ImageStream [v1/image.openshift.io]

The following table describes the parameters for the ImageStream object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

ImageStreamSpec

Spec describes the desired state of this stream

status

ImageStreamStatus

Status describes the current state of this stream

ImageStreamSpec [v1/image.openshift.io]

The following table describes the parameters for ImageStreamSpec object:

Field Type Description

dockerImageRepository

string

dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.

lookupPolicy

ImageLookupPolicy

lookupPolicy controls how other resources reference images within this namespace.

tags

TagReference array

tags map arbitrary string values to specific image locators

ImageStreamStatus [v1/image.openshift.io]

The following table describes the parameters for ImageStreamStatus object:

Field Type Description

dockerImageRepository

string

DockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located

publicDockerImageRepository

string

PublicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.

tags

NamedTagEventList array

Tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.

ImageStreamList [v1/image.openshift.io]

The following table describes the parameters for ImageStreamList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ImageStream array

Items is a list of imageStreams

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

NamedTagEventList [v1/image.openshift.io]

The following table describes the parameters for NamedTagEventList object:

Field Type Description

conditions

TagEventCondition array

Conditions is an array of conditions that apply to the tag event list.

items

TagEvent array

Standard object’s metadata.

tag

string

Tag is the tag for which the history is recorded

TagEvent [v1/image.openshift.io]

The following table describes the parameters for TagEvent object:

Field Type Description

created

Time

Created holds the time the TagEvent was created

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image

generation

integer

Generation is the spec tag generation that resulted in this tag being updated

image

string

Image is the image

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

TagEventCondition [v1/image.openshift.io]

The following table describes the parameters for TagEventCondition object:

Field Type Description

generation

integer

Generation is the spec tag generation that this status corresponds to

lastTransitionTime

Time

LastTransitionTIme is the time the condition transitioned from one status to another.

message

string

Message is a human readable description of the details about last transition, complementing reason.

reason

string

Reason is a brief machine readable explanation for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of tag event condition, currently only ImportSuccess

TagReference [v1/image.openshift.io]

The following table describes the parameters for TagReference object:

Field Type Description

annotations

object

Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.

from

ObjectReference

Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.

generation

integer

Generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.

importPolicy

TagImportPolicy

ImportPolicy is information that controls how images may be imported by the server.

name

string

Name of the tag

reference

boolean

Reference states if the tag will be imported. Default value is false, which means the tag will be imported.

referencePolicy

TagReferencePolicy

ReferencePolicy defines how other components should consume the image.

TagReferencePolicy [v1/image.openshift.io]

The following table describes the parameters for TagReferencePolicy object:

Field Type Description

type

string

Type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is Source, indicating the original location of the image should be used (if imported). The user may also specify Local, indicating that the pull spec should point to the integrated container image registry and leverage the registry’s ability to proxy the pull to an upstream registry. Local allows the credentials used to pull this image to be managed from the image stream’s namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.

TagImportPolicy [v1/image.openshift.io]

The following table describes the parameters for TagImportPolicy object:

Field Type Description

insecure

boolean

Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.

scheduled

boolean

Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ImageLookupPolicy [v1/image.openshift.io]

The following table describes the parameters for ImageLookupPolicy object:

Field Type Description

local

boolean

local will change the docker short image references (like "mysql" or "php:latest") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag’s referencePolicy is taken into account on the replaced value. Only works within the current namespace.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ImageStreamImage v1 image.openshift.io

Definitions

ImageStreamImage [v1/image.openshift.io]

The following table describes the parameters for the ImageStreamImage object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

image

Image

Image associated with the ImageStream and image name.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Image [v1/image.openshift.io]

The following table describes the parameters for Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

dockerImageConfig

string

DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.

dockerImageLayers

ImageLayer array

DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.

dockerImageManifest

string

DockerImageManifest is the raw JSON of the manifest

dockerImageManifestMediaType

string

DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.

dockerImageMetadata

DockerImageMetadata contains metadata about this image

dockerImageMetadataVersion

string

DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0"

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image.

dockerImageSignatures

string array

DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signatures

ImageSignature array

Signatures holds all signatures of the image.

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

ImageLayer [v1/image.openshift.io]

The following table describes the parameters for ImageLayer object:

Field Type Description

mediaType

string

MediaType of the referenced object.

name

string

Name of the layer as defined by the underlying store.

size

integer

Size of the layer in bytes as defined by the underlying store.

Operations

ImageStreamImport v1 image.openshift.io

Definitions

ImageStreamImport [v1/image.openshift.io]

The following table describes the parameters for the ImageStreamImport object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

ImageStreamImportSpec

Spec is a description of the images that the user wishes to import

status

ImageStreamImportStatus

Status is the result of importing the image

ImageStreamImportSpec [v1/image.openshift.io]

The following table describes the parameters for ImageStreamImportSpec object:

Field Type Description

images

ImageImportSpec array

Images are a list of individual images to import.

import

boolean

Import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.

repository

RepositoryImportSpec

Repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.

ImageStreamImportStatus [v1/image.openshift.io]

The following table describes the parameters for ImageStreamImportStatus object:

Field Type Description

images

ImageImportStatus array

Images is set with the result of importing spec.images

import

ImageStream

Import is the image stream that was successfully updated or created when 'to' was set.

repository

RepositoryImportStatus

Repository is set if spec.repository was set to the outcome of the import

RepositoryImportStatus [v1/image.openshift.io]

The following table describes the parameters for RepositoryImportStatus object:

Field Type Description

additionalTags

string array

AdditionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.

images

ImageImportStatus array

Images is a list of images successfully retrieved by the import of the repository.

status

Status

Status reflects whether any failure occurred during import

Status [v1/meta]

The following table describes the parameters for Status object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

code

integer

Suggested HTTP return code for this status, 0 if not set.

details

StatusDetails

Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

message

string

A human-readable description of the status of this operation.

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

reason

string

A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.

status

string

Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

ListMeta [v1/meta]

The following table describes the parameters for ListMeta object:

Field Type Description

continue

string

continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.

remainingItemCount

integer

remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is estimating the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.

resourceVersion

string

String that identifies the server’s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

selfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

StatusDetails [v1/meta]

The following table describes the parameters for StatusDetails object:

Field Type Description

causes

StatusCause array

The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.

group

string

The group attribute of the resource associated with the status StatusReason.

kind

string

The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).

retryAfterSeconds

integer

If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.

uid

string

UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids

StatusCause [v1/meta]

The following table describes the parameters for StatusCause object:

Field Type Description

field

string

The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.

Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items"

message

string

A human-readable description of the cause of the error. This field may be presented as-is to a reader.

reason

string

A machine-readable description of the cause of the error. If this value is empty there is no information available.

ImageImportStatus [v1/image.openshift.io]

The following table describes the parameters for ImageImportStatus object:

Field Type Description

image

Image

Image is the metadata of that image, if the image was located

status

Status

Status is the status of the image import, including errors encountered while retrieving the image

tag

string

Tag is the tag this image was located under, if any

Image [v1/image.openshift.io]

The following table describes the parameters for Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

dockerImageConfig

string

DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.

dockerImageLayers

ImageLayer array

DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.

dockerImageManifest

string

DockerImageManifest is the raw JSON of the manifest

dockerImageManifestMediaType

string

DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.

dockerImageMetadata

DockerImageMetadata contains metadata about this image

dockerImageMetadataVersion

string

DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0"

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image.

dockerImageSignatures

string array

DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signatures

ImageSignature array

Signatures holds all signatures of the image.

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

ImageLayer [v1/image.openshift.io]

The following table describes the parameters for ImageLayer object:

Field Type Description

mediaType

string

MediaType of the referenced object.

name

string

Name of the layer as defined by the underlying store.

size

integer

Size of the layer in bytes as defined by the underlying store.

ImageStream [v1/image.openshift.io]

The following table describes the parameters for ImageStream object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

ImageStreamSpec

Spec describes the desired state of this stream

status

ImageStreamStatus

Status describes the current state of this stream

ImageStreamStatus [v1/image.openshift.io]

The following table describes the parameters for ImageStreamStatus object:

Field Type Description

dockerImageRepository

string

DockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located

publicDockerImageRepository

string

PublicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.

tags

NamedTagEventList array

Tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.

NamedTagEventList [v1/image.openshift.io]

The following table describes the parameters for NamedTagEventList object:

Field Type Description

conditions

TagEventCondition array

Conditions is an array of conditions that apply to the tag event list.

items

TagEvent array

Standard object’s metadata.

tag

string

Tag is the tag for which the history is recorded

TagEvent [v1/image.openshift.io]

The following table describes the parameters for TagEvent object:

Field Type Description

created

Time

Created holds the time the TagEvent was created

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image

generation

integer

Generation is the spec tag generation that resulted in this tag being updated

image

string

Image is the image

TagEventCondition [v1/image.openshift.io]

The following table describes the parameters for TagEventCondition object:

Field Type Description

generation

integer

Generation is the spec tag generation that this status corresponds to

lastTransitionTime

Time

LastTransitionTIme is the time the condition transitioned from one status to another.

message

string

Message is a human readable description of the details about last transition, complementing reason.

reason

string

Reason is a brief machine readable explanation for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of tag event condition, currently only ImportSuccess

ImageStreamSpec [v1/image.openshift.io]

The following table describes the parameters for ImageStreamSpec object:

Field Type Description

dockerImageRepository

string

dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.

lookupPolicy

ImageLookupPolicy

lookupPolicy controls how other resources reference images within this namespace.

tags

TagReference array

tags map arbitrary string values to specific image locators

TagReference [v1/image.openshift.io]

The following table describes the parameters for TagReference object:

Field Type Description

annotations

object

Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.

from

ObjectReference

Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.

generation

integer

Generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.

importPolicy

TagImportPolicy

ImportPolicy is information that controls how images may be imported by the server.

name

string

Name of the tag

reference

boolean

Reference states if the tag will be imported. Default value is false, which means the tag will be imported.

referencePolicy

TagReferencePolicy

ReferencePolicy defines how other components should consume the image.

TagReferencePolicy [v1/image.openshift.io]

The following table describes the parameters for TagReferencePolicy object:

Field Type Description

type

string

Type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is Source, indicating the original location of the image should be used (if imported). The user may also specify Local, indicating that the pull spec should point to the integrated container image registry and leverage the registry’s ability to proxy the pull to an upstream registry. Local allows the credentials used to pull this image to be managed from the image stream’s namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.

TagImportPolicy [v1/image.openshift.io]

The following table describes the parameters for TagImportPolicy object:

Field Type Description

insecure

boolean

Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.

scheduled

boolean

Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ImageLookupPolicy [v1/image.openshift.io]

The following table describes the parameters for ImageLookupPolicy object:

Field Type Description

local

boolean

local will change the docker short image references (like "mysql" or "php:latest") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag’s referencePolicy is taken into account on the replaced value. Only works within the current namespace.

RepositoryImportSpec [v1/image.openshift.io]

The following table describes the parameters for RepositoryImportSpec object:

Field Type Description

from

ObjectReference

From is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed

importPolicy

TagImportPolicy

ImportPolicy is the policy controlling how the image is imported

includeManifest

boolean

IncludeManifest determines if the manifest for each image is returned in the response

referencePolicy

TagReferencePolicy

ReferencePolicy defines how other components should consume the image

ImageImportSpec [v1/image.openshift.io]

The following table describes the parameters for ImageImportSpec object:

Field Type Description

from

ObjectReference

From is the source of an image to import; only kind DockerImage is allowed

importPolicy

TagImportPolicy

ImportPolicy is the policy controlling how the image is imported

includeManifest

boolean

IncludeManifest determines if the manifest for each image is returned in the response

referencePolicy

TagReferencePolicy

ReferencePolicy defines how other components should consume the image

to

LocalObjectReference

To is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

Operations

ImageStreamMapping v1 image.openshift.io

Definitions

ImageStreamMapping [v1/image.openshift.io]

The following table describes the parameters for the ImageStreamMapping object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

image

Image

Image is a container image.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

tag

string

Tag is a string value this image can be located with inside the stream.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Image [v1/image.openshift.io]

The following table describes the parameters for Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

dockerImageConfig

string

DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.

dockerImageLayers

ImageLayer array

DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.

dockerImageManifest

string

DockerImageManifest is the raw JSON of the manifest

dockerImageManifestMediaType

string

DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.

dockerImageMetadata

DockerImageMetadata contains metadata about this image

dockerImageMetadataVersion

string

DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0"

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image.

dockerImageSignatures

string array

DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signatures

ImageSignature array

Signatures holds all signatures of the image.

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

ImageLayer [v1/image.openshift.io]

The following table describes the parameters for ImageLayer object:

Field Type Description

mediaType

string

MediaType of the referenced object.

name

string

Name of the layer as defined by the underlying store.

size

integer

Size of the layer in bytes as defined by the underlying store.

Operations

ImageStreamTag v1 image.openshift.io

Appears in

ImageStreamTagList [image.openshift.io/v1]

Definitions

ImageStreamTag [v1/image.openshift.io]

The following table describes the parameters for the ImageStreamTag object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

TagEventCondition array

conditions is an array of conditions that apply to the image stream tag.

generation

integer

generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.

image

Image

image associated with the ImageStream and tag.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

lookupPolicy

ImageLookupPolicy

lookupPolicy indicates whether this tag will handle image references in this namespace.

metadata

ObjectMeta_v2

tag

TagReference

tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.

ImageStreamTagList [v1/image.openshift.io]

The following table describes the parameters for ImageStreamTagList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ImageStreamTag array

Items is the list of image stream tags

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

TagReference [v1/image.openshift.io]

The following table describes the parameters for TagReference object:

Field Type Description

annotations

object

Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.

from

ObjectReference

Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.

generation

integer

Generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.

importPolicy

TagImportPolicy

ImportPolicy is information that controls how images may be imported by the server.

name

string

Name of the tag

reference

boolean

Reference states if the tag will be imported. Default value is false, which means the tag will be imported.

referencePolicy

TagReferencePolicy

ReferencePolicy defines how other components should consume the image.

TagReferencePolicy [v1/image.openshift.io]

The following table describes the parameters for TagReferencePolicy object:

Field Type Description

type

string

Type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is Source, indicating the original location of the image should be used (if imported). The user may also specify Local, indicating that the pull spec should point to the integrated container image registry and leverage the registry’s ability to proxy the pull to an upstream registry. Local allows the credentials used to pull this image to be managed from the image stream’s namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.

TagImportPolicy [v1/image.openshift.io]

The following table describes the parameters for TagImportPolicy object:

Field Type Description

insecure

boolean

Insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.

scheduled

boolean

Scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ImageLookupPolicy [v1/image.openshift.io]

The following table describes the parameters for ImageLookupPolicy object:

Field Type Description

local

boolean

local will change the docker short image references (like "mysql" or "php:latest") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag’s referencePolicy is taken into account on the replaced value. Only works within the current namespace.

Image [v1/image.openshift.io]

The following table describes the parameters for Image object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

dockerImageConfig

string

DockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2.

dockerImageLayers

ImageLayer array

DockerImageLayers represents the layers in the image. May not be set if the image does not define that data.

dockerImageManifest

string

DockerImageManifest is the raw JSON of the manifest

dockerImageManifestMediaType

string

DockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.

dockerImageMetadata

DockerImageMetadata contains metadata about this image

dockerImageMetadataVersion

string

DockerImageMetadataVersion conveys the version of the object, which if empty defaults to "1.0"

dockerImageReference

string

DockerImageReference is the string that can be used to pull this image.

dockerImageSignatures

string array

DockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signatures

ImageSignature array

Signatures holds all signatures of the image.

ImageSignature [v1/image.openshift.io]

The following table describes the parameters for ImageSignature object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

conditions

SignatureCondition array

Conditions represent the latest available observations of a signature’s current state.

content

string

Required: An opaque binary string which is an image’s signature.

created

Time

If specified, it is the time of signature’s creation.

imageIdentity

string

A human readable string representing image’s identity. It could be a product name and version, or an image pull spec (e.g. "registry.access.redhat.com/rhel7/rhel:7.2").

issuedBy

SignatureIssuer

If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).

issuedTo

SignatureSubject

If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

signedClaims

object

Contains claims from the signature.

type

string

Required: Describes a type of stored blob.

SignatureSubject [v1/image.openshift.io]

The following table describes the parameters for SignatureSubject object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

publicKeyID

string

If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key’s fingerprint (e.g. 0x685ebe62bf278440).

SignatureIssuer [v1/image.openshift.io]

The following table describes the parameters for SignatureIssuer object:

Field Type Description

commonName

string

Common name (e.g. openshift-signing-service).

organization

string

Organization name.

SignatureCondition [v1/image.openshift.io]

The following table describes the parameters for SignatureCondition object:

Field Type Description

lastProbeTime

Time

Last time the condition was checked.

lastTransitionTime

Time

Last time the condition transit from one status to another.

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of signature condition, Complete or Failed.

ImageLayer [v1/image.openshift.io]

The following table describes the parameters for ImageLayer object:

Field Type Description

mediaType

string

MediaType of the referenced object.

name

string

Name of the layer as defined by the underlying store.

size

integer

Size of the layer in bytes as defined by the underlying store.

TagEventCondition [v1/image.openshift.io]

The following table describes the parameters for TagEventCondition object:

Field Type Description

generation

integer

Generation is the spec tag generation that this status corresponds to

lastTransitionTime

Time

LastTransitionTIme is the time the condition transitioned from one status to another.

message

string

Message is a human readable description of the details about last transition, complementing reason.

reason

string

Reason is a brief machine readable explanation for the condition’s last transition.

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of tag event condition, currently only ImportSuccess

Operations

Config v1 imageregistry.operator.openshift.io

Appears in

ConfigList [imageregistry.operator.openshift.io/v1]

Definitions

Config [v1/imageregistry.operator.openshift.io]

The following table describes the parameters for the Config object:

Field

Type

Description

ConfigList [v1/imageregistry.operator.openshift.io]

The following table describes the parameters for ConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Config array

List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

DNSRecord v1 ingress.operator.openshift.io

Appears in

DNSRecordList [ingress.operator.openshift.io/v1]

Definitions

DNSRecord [v1/ingress.operator.openshift.io]

The following table describes the parameters for the DNSRecord object:

Field

Type

Description

DNSRecordList [v1/ingress.operator.openshift.io]

The following table describes the parameters for DNSRecordList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DNSRecord array

List of dnsrecords. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

NetworkAttachmentDefinition v1 k8s.cni.cncf.io

Appears in

NetworkAttachmentDefinitionList [k8s.cni.cncf.io/v1]

Definitions

NetworkAttachmentDefinition [v1/k8s.cni.cncf.io]

The following table describes the parameters for the NetworkAttachmentDefinition object:

Field

Type

Description

NetworkAttachmentDefinitionList [v1/k8s.cni.cncf.io]

The following table describes the parameters for NetworkAttachmentDefinitionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

NetworkAttachmentDefinition array

List of network-attachment-definitions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Machine v1beta1 machine.openshift.io

Appears in

MachineList [machine.openshift.io/v1beta1]

Definitions

Machine [v1beta1/machine.openshift.io]

The following table describes the parameters for the Machine object:

Field

Type

Description

MachineList [v1beta1/machine.openshift.io]

The following table describes the parameters for MachineList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Machine array

List of machines. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MachineHealthCheck v1beta1 machine.openshift.io

Appears in

MachineHealthCheckList [machine.openshift.io/v1beta1]

Definitions

MachineHealthCheck [v1beta1/machine.openshift.io]

The following table describes the parameters for the MachineHealthCheck object:

Field

Type

Description

MachineHealthCheckList [v1beta1/machine.openshift.io]

The following table describes the parameters for MachineHealthCheckList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MachineHealthCheck array

List of machinehealthchecks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MachineSet v1beta1 machine.openshift.io

Appears in

MachineSetList [machine.openshift.io/v1beta1]

Definitions

MachineSet [v1beta1/machine.openshift.io]

The following table describes the parameters for the MachineSet object:

Field

Type

Description

MachineSetList [v1beta1/machine.openshift.io]

The following table describes the parameters for MachineSetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MachineSet array

List of machinesets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

ContainerRuntimeConfig v1 machineconfiguration.openshift.io

Appears in

ContainerRuntimeConfigList [machineconfiguration.openshift.io/v1]

Definitions

ContainerRuntimeConfig [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the ContainerRuntimeConfig object:

Field

Type

Description

ContainerRuntimeConfigList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for ContainerRuntimeConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ContainerRuntimeConfig array

List of containerruntimeconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

ControllerConfig v1 machineconfiguration.openshift.io

Appears in

ControllerConfigList [machineconfiguration.openshift.io/v1]

Definitions

ControllerConfig [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the ControllerConfig object:

Field

Type

Description

ControllerConfigList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for ControllerConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ControllerConfig array

List of controllerconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

KubeletConfig v1 machineconfiguration.openshift.io

Appears in

KubeletConfigList [machineconfiguration.openshift.io/v1]

Definitions

KubeletConfig [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the KubeletConfig object:

Field

Type

Description

KubeletConfigList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for KubeletConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

KubeletConfig array

List of kubeletconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MachineConfig v1 machineconfiguration.openshift.io

Appears in

MachineConfigList [machineconfiguration.openshift.io/v1]

Definitions

MachineConfig [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the MachineConfig object:

Field

Type

Description

MachineConfigList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for MachineConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MachineConfig array

List of machineconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MachineConfigPool v1 machineconfiguration.openshift.io

Appears in

MachineConfigPoolList [machineconfiguration.openshift.io/v1]

Definitions

MachineConfigPool [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the MachineConfigPool object:

Field

Type

Description

MachineConfigPoolList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for MachineConfigPoolList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MachineConfigPool array

List of machineconfigpools. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

MCOConfig v1 machineconfiguration.openshift.io

Appears in

MCOConfigList [machineconfiguration.openshift.io/v1]

Definitions

MCOConfig [v1/machineconfiguration.openshift.io]

The following table describes the parameters for the MCOConfig object:

Field

Type

Description

MCOConfigList [v1/machineconfiguration.openshift.io]

The following table describes the parameters for MCOConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

MCOConfig array

List of mcoconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

BareMetalHost v1alpha1 metal3.io

Appears in

BareMetalHostList [metal3.io/v1alpha1]

Definitions

BareMetalHost [v1alpha1/metal3.io]

The following table describes the parameters for the BareMetalHost object:

Field

Type

Description

BareMetalHostList [v1alpha1/metal3.io]

The following table describes the parameters for BareMetalHostList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

BareMetalHost array

List of baremetalhosts. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

StorageState v1alpha1 migration

Appears in

StorageStateList [migration/v1alpha1]

Definitions

StorageState [v1alpha1/migration]

The following table describes the parameters for the StorageState object:

Field

Type

Description

StorageStateList [v1alpha1/migration]

The following table describes the parameters for StorageStateList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

StorageState array

List of storagestates. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Write Operations

Create

create a StorageState

HTTP request

post /apis/migration.k8s.io/v1alpha1/storagestates

Table 1668. HTTP body
Object	Type
`body`	StorageState

Table 1669. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1670. HTTP responses
Code	Type
200 - OK	StorageState
201 - Created	StorageState
202 - Accepted	StorageState

Patch

partially update the specified StorageState

HTTP request

patch /apis/migration.k8s.io/v1alpha1/storagestates/{name}

Table 1671. HTTP body
Object	Type
`body`	Patch

Table 1672. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1673. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1674. HTTP responses
Code	Type
200 - OK	StorageState

Replace

replace the specified StorageState

HTTP request

put /apis/migration.k8s.io/v1alpha1/storagestates/{name}

Table 1675. HTTP body
Object	Type
`body`	StorageState

Table 1676. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1677. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1678. HTTP responses
Code	Type
200 - OK	StorageState
201 - Created	StorageState

Delete

delete a StorageState

HTTP request

delete /apis/migration.k8s.io/v1alpha1/storagestates/{name}

Table 1679. HTTP body
Object	Type
`body`	DeleteOptions

Table 1680. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1681. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1682. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of StorageState

HTTP request

delete /apis/migration.k8s.io/v1alpha1/storagestates

Table 1683. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1684. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified StorageState

HTTP request

get /apis/migration.k8s.io/v1alpha1/storagestates/{name}

Table 1685. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1686. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

Table 1687. HTTP responses
Code	Type
200 - OK	StorageState

List

list objects of kind StorageState

HTTP request

get /apis/migration.k8s.io/v1alpha1/storagestates

Table 1688. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1689. HTTP responses
Code	Type
200 - OK	StorageStateList

Status Operations

Patch Status

partially update status of the specified StorageState

HTTP request

patch /apis/migration.k8s.io/v1alpha1/storagestates/{name}/status

Table 1690. HTTP body
Object	Type
`body`	Patch

Table 1691. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1692. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1693. HTTP responses
Code	Type
200 - OK	StorageState

Read Status

read status of the specified StorageState

HTTP request

get /apis/migration.k8s.io/v1alpha1/storagestates/{name}/status

Table 1694. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1695. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

Table 1696. HTTP responses
Code	Type
200 - OK	StorageState

Replace Status

replace status of the specified StorageState

HTTP request

put /apis/migration.k8s.io/v1alpha1/storagestates/{name}/status

Table 1697. HTTP body
Object	Type
`body`	StorageState

Table 1698. Path parameters
Parameter	Description
`name`	name of the StorageState

Table 1699. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1700. HTTP responses
Code	Type
200 - OK	StorageState
201 - Created	StorageState

StorageVersionMigration v1alpha1 migration

Appears in

StorageVersionMigrationList [migration/v1alpha1]

Definitions

StorageVersionMigration [v1alpha1/migration]

The following table describes the parameters for the StorageVersionMigration object:

Field

Type

Description

StorageVersionMigrationList [v1alpha1/migration]

The following table describes the parameters for StorageVersionMigrationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

StorageVersionMigration array

List of storageversionmigrations. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Write Operations

Create

create a StorageVersionMigration

HTTP request

post /apis/migration.k8s.io/v1alpha1/storageversionmigrations

Table 1701. HTTP body
Object	Type
`body`	StorageVersionMigration

Table 1702. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1703. HTTP responses
Code	Type
200 - OK	StorageVersionMigration
201 - Created	StorageVersionMigration
202 - Accepted	StorageVersionMigration

Patch

partially update the specified StorageVersionMigration

HTTP request

patch /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}

Table 1704. HTTP body
Object	Type
`body`	Patch

Table 1705. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1706. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1707. HTTP responses
Code	Type
200 - OK	StorageVersionMigration

Replace

replace the specified StorageVersionMigration

HTTP request

put /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}

Table 1708. HTTP body
Object	Type
`body`	StorageVersionMigration

Table 1709. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1710. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1711. HTTP responses
Code	Type
200 - OK	StorageVersionMigration
201 - Created	StorageVersionMigration

Delete

delete a StorageVersionMigration

HTTP request

delete /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}

Table 1712. HTTP body
Object	Type
`body`	DeleteOptions

Table 1713. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1714. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1715. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of StorageVersionMigration

HTTP request

delete /apis/migration.k8s.io/v1alpha1/storageversionmigrations

Table 1716. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1717. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified StorageVersionMigration

HTTP request

get /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}

Table 1718. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1719. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

Table 1720. HTTP responses
Code	Type
200 - OK	StorageVersionMigration

List

list objects of kind StorageVersionMigration

HTTP request

get /apis/migration.k8s.io/v1alpha1/storageversionmigrations

Table 1721. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1722. HTTP responses
Code	Type
200 - OK	StorageVersionMigrationList

Status Operations

Patch Status

partially update status of the specified StorageVersionMigration

HTTP request

patch /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}/status

Table 1723. HTTP body
Object	Type
`body`	Patch

Table 1724. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1725. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1726. HTTP responses
Code	Type
200 - OK	StorageVersionMigration

Read Status

read status of the specified StorageVersionMigration

HTTP request

get /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}/status

Table 1727. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1728. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.

Table 1729. HTTP responses
Code	Type
200 - OK	StorageVersionMigration

Replace Status

replace status of the specified StorageVersionMigration

HTTP request

put /apis/migration.k8s.io/v1alpha1/storageversionmigrations/{name}/status

Table 1730. HTTP body
Object	Type
`body`	StorageVersionMigration

Table 1731. Path parameters
Parameter	Description
`name`	name of the StorageVersionMigration

Table 1732. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1733. HTTP responses
Code	Type
200 - OK	StorageVersionMigration
201 - Created	StorageVersionMigration

Alertmanager v1 monitoring.coreos.com

Appears in

AlertmanagerList [monitoring.coreos.com/v1]

Definitions

Alertmanager [v1/monitoring.coreos.com]

The following table describes the parameters for the Alertmanager object:

Field

Type

Description

AlertmanagerList [v1/monitoring.coreos.com]

The following table describes the parameters for AlertmanagerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Alertmanager array

List of alertmanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

PodMonitor v1 monitoring.coreos.com

Appears in

PodMonitorList [monitoring.coreos.com/v1]

Definitions

PodMonitor [v1/monitoring.coreos.com]

The following table describes the parameters for the PodMonitor object:

Field

Type

Description

PodMonitorList [v1/monitoring.coreos.com]

The following table describes the parameters for PodMonitorList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PodMonitor array

List of podmonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Prometheus v1 monitoring.coreos.com

Appears in

PrometheusList [monitoring.coreos.com/v1]

Definitions

Prometheus [v1/monitoring.coreos.com]

The following table describes the parameters for the Prometheus object:

Field

Type

Description

PrometheusList [v1/monitoring.coreos.com]

The following table describes the parameters for PrometheusList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Prometheus array

List of prometheuses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

PrometheusRule v1 monitoring.coreos.com

Appears in

PrometheusRuleList [monitoring.coreos.com/v1]

Definitions

PrometheusRule [v1/monitoring.coreos.com]

The following table describes the parameters for the PrometheusRule object:

Field

Type

Description

PrometheusRuleList [v1/monitoring.coreos.com]

The following table describes the parameters for PrometheusRuleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PrometheusRule array

List of prometheusrules. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

ServiceMonitor v1 monitoring.coreos.com

Appears in

ServiceMonitorList [monitoring.coreos.com/v1]

Definitions

ServiceMonitor [v1/monitoring.coreos.com]

The following table describes the parameters for the ServiceMonitor object:

Field

Type

Description

ServiceMonitorList [v1/monitoring.coreos.com]

The following table describes the parameters for ServiceMonitorList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ServiceMonitor array

List of servicemonitors. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

ClusterNetwork v1 network.openshift.io

Appears in

ClusterNetworkList [network.openshift.io/v1]

Definitions

ClusterNetwork [v1/network.openshift.io]

The following table describes the parameters for the ClusterNetwork object:

Field

Type

Description

ClusterNetworkList [v1/network.openshift.io]

The following table describes the parameters for ClusterNetworkList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterNetwork array

List of clusternetworks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

EgressNetworkPolicy v1 network.openshift.io

Appears in

EgressNetworkPolicyList [network.openshift.io/v1]

Definitions

EgressNetworkPolicy [v1/network.openshift.io]

The following table describes the parameters for the EgressNetworkPolicy object:

Field

Type

Description

EgressNetworkPolicyList [v1/network.openshift.io]

The following table describes the parameters for EgressNetworkPolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

EgressNetworkPolicy array

List of egressnetworkpolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

HostSubnet v1 network.openshift.io

Appears in

HostSubnetList [network.openshift.io/v1]

Definitions

HostSubnet [v1/network.openshift.io]

The following table describes the parameters for the HostSubnet object:

Field

Type

Description

HostSubnetList [v1/network.openshift.io]

The following table describes the parameters for HostSubnetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

HostSubnet array

List of hostsubnets. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

NetNamespace v1 network.openshift.io

Appears in

NetNamespaceList [network.openshift.io/v1]

Definitions

NetNamespace [v1/network.openshift.io]

The following table describes the parameters for the NetNamespace object:

Field

Type

Description

NetNamespaceList [v1/network.openshift.io]

The following table describes the parameters for NetNamespaceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

NetNamespace array

List of netnamespaces. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

OperatorPKI v1 network.operator.openshift.io

Appears in

OperatorPKIList [network.operator.openshift.io/v1]

Definitions

OperatorPKI [v1/network.operator.openshift.io]

The following table describes the parameters for the OperatorPKI object:

Field

Type

Description

OperatorPKIList [v1/network.operator.openshift.io]

The following table describes the parameters for OperatorPKIList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OperatorPKI array

List of operatorpkis. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Ingress v1beta1 networking

Appears in

IngressList [networking/v1beta1]

Definitions

Ingress [v1beta1/networking]

The following table describes the parameters for the Ingress object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

IngressSpec

Spec is the desired state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

status

IngressStatus

Status is the current state of the Ingress. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

IngressSpec [v1beta1/networking]

The following table describes the parameters for IngressSpec object:

Field Type Description

backend

IngressBackend

A default backend capable of servicing requests that don’t match any rule. At least one of 'backend' or 'rules' must be specified. This field is optional to allow the loadbalancer controller or defaulting logic to specify a global default.

rules

IngressRule array

A list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.

tls

IngressTLS array

TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.

IngressStatus [v1beta1/networking]

The following table describes the parameters for IngressStatus object:

Field Type Description

loadBalancer

LoadBalancerStatus

LoadBalancer contains the current status of the load-balancer.

IngressList [v1beta1/networking]

The following table describes the parameters for IngressList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Ingress array

Items is the list of Ingress.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

LoadBalancerStatus [v1/core]

The following table describes the parameters for LoadBalancerStatus object:

Field Type Description

ingress

LoadBalancerIngress array

Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.

LoadBalancerIngress [v1/core]

The following table describes the parameters for LoadBalancerIngress object:

Field Type Description

hostname

string

Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)

ip

string

IP is set for load-balancer ingress points that are IP based (typically GCE or RHOSP load-balancers)

IngressTLS [v1beta1/networking]

The following table describes the parameters for IngressTLS object:

Field Type Description

hosts

string array

Hosts are a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.

secretName

string

SecretName is the name of the secret used to terminate SSL traffic on 443. Field is left optional to allow SSL routing based on SNI hostname alone. If the SNI host in a listener conflicts with the "Host" header field used by an IngressRule, the SNI host is used for termination and value of the Host header is used for routing.

IngressRule [v1beta1/networking]

The following table describes the parameters for IngressRule object:

Field Type Description

host

string

Host is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the "host" part of the URI as defined in the RFC: 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the IP in the Spec of the parent Ingress. 2. The : delimiter is not respected because ports are not allowed. Currently the port of an Ingress is implicitly :80 for http and :443 for https. Both these may change in the future. Incoming requests are matched against the host before the IngressRuleValue. If the host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue.

http

HTTPIngressRuleValue

HTTPIngressRuleValue [v1beta1/networking]

The following table describes the parameters for HTTPIngressRuleValue object:

Field Type Description

paths

HTTPIngressPath array

A collection of paths that map requests to backends.

HTTPIngressPath [v1beta1/networking]

The following table describes the parameters for HTTPIngressPath object:

Field Type Description

backend

IngressBackend

Backend defines the referenced service endpoint to which the traffic will be forwarded to.

path

string

Path is an extended POSIX regex as defined by IEEE Std 1003.1, (i.e this follows the egrep/unix syntax, not the perl syntax) matched against the path of an incoming request. Currently it can contain characters disallowed from the conventional "path" part of a URL as defined by RFC 3986. Paths must begin with a '/'. If unspecified, the path defaults to a catch all sending traffic to the backend.

IngressBackend [v1beta1/networking]

The following table describes the parameters for IngressBackend object:

Field Type Description

serviceName

string

Specifies the name of the referenced service.

servicePort

Specifies the port of the referenced service.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create an Ingress

HTTP request

post /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses

Table 1734. HTTP body
Object	Type
`body`	Ingress

Table 1735. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1736. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1737. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress
202 - Accepted	Ingress

Patch

partially update the specified Ingress

HTTP request

patch /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1738. HTTP body
Object	Type
`body`	Patch

Table 1739. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1740. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1741. HTTP responses
Code	Type
200 - OK	Ingress

Replace

replace the specified Ingress

HTTP request

put /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1742. HTTP body
Object	Type
`body`	Ingress

Table 1743. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1744. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1745. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress

Delete

delete an Ingress

HTTP request

delete /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1746. HTTP body
Object	Type
`body`	DeleteOptions

Table 1747. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1748. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1749. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Ingress

HTTP request

delete /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses

Table 1750. HTTP body
Object	Type
`body`	DeleteOptions

Table 1751. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1752. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1753. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Ingress

HTTP request

get /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}

Table 1754. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1755. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1756. HTTP responses
Code	Type
200 - OK	Ingress

List

list or watch objects of kind Ingress

HTTP request

get /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses

Table 1757. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1758. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1759. HTTP responses
Code	Type
200 - OK	IngressList

List All Namespaces

list or watch objects of kind Ingress

HTTP request

get /apis/networking.k8s.io/v1beta1/ingresses

Table 1760. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1761. HTTP responses
Code	Type
200 - OK	IngressList

Watch

watch changes to an object of kind Ingress. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/networking.k8s.io/v1beta1/watch/namespaces/{namespace}/ingresses/{name}

Table 1762. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1763. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1764. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/networking.k8s.io/v1beta1/watch/namespaces/{namespace}/ingresses

Table 1765. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1766. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1767. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Ingress. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/networking.k8s.io/v1beta1/watch/ingresses

Table 1768. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1769. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified Ingress

HTTP request

patch /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1770. HTTP body
Object	Type
`body`	Patch

Table 1771. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1772. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1773. HTTP responses
Code	Type
200 - OK	Ingress

Read Status

read status of the specified Ingress

HTTP request

get /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1774. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1775. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1776. HTTP responses
Code	Type
200 - OK	Ingress

Replace Status

replace status of the specified Ingress

HTTP request

put /apis/networking.k8s.io/v1beta1/namespaces/{namespace}/ingresses/{name}/status

Table 1777. HTTP body
Object	Type
`body`	Ingress

Table 1778. Path parameters
Parameter	Description
`name`	name of the Ingress
`namespace`	object name and auth scope, such as for teams and projects

Table 1779. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1780. HTTP responses
Code	Type
200 - OK	Ingress
201 - Created	Ingress

NetworkPolicy v1 networking

Appears in

NetworkPolicyList [networking/v1]

Definitions

NetworkPolicy [v1/networking]

The following table describes the parameters for the NetworkPolicy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

NetworkPolicySpec

Specification of the desired behavior for this NetworkPolicy.

NetworkPolicySpec [v1/networking]

The following table describes the parameters for NetworkPolicySpec object:

Field Type Description

egress

NetworkPolicyEgressRule array

List of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8

ingress

NetworkPolicyIngressRule array

List of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod’s local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)

podSelector

LabelSelector

Selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.

policyTypes

string array

List of rule types that the NetworkPolicy relates to. Valid options are "Ingress", "Egress", or "Ingress,Egress". If this field is not specified, it will default based on the existence of Ingress or Egress rules; policies that contain an Egress section are assumed to affect Egress, and all policies (whether or not they contain an Ingress section) are assumed to affect Ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ "Egress" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include "Egress" (since such a policy would not include an Egress section and would otherwise default to just [ "Ingress" ]). This field is beta-level in 1.8

NetworkPolicyList [v1/networking]

The following table describes the parameters for NetworkPolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

NetworkPolicy array

Items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

NetworkPolicyIngressRule [v1/networking]

The following table describes the parameters for NetworkPolicyIngressRule object:

Field Type Description

from

NetworkPolicyPeer array

List of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.

ports

NetworkPolicyPort array

List of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.

NetworkPolicyPort [v1/networking]

The following table describes the parameters for NetworkPolicyPort object:

Field Type Description

port

The port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers.

protocol

string

The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.

NetworkPolicyPeer [v1/networking]

The following table describes the parameters for NetworkPolicyPeer object:

Field Type Description

ipBlock

IPBlock

IPBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.

namespaceSelector

LabelSelector

Selects Namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces.

If PodSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.

podSelector

LabelSelector

This is a label selector which selects Pods. This field follows standard label selector semantics; if present but empty, it selects all pods.

If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the Pods matching PodSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the Pods matching PodSelector in the policy’s own Namespace.

IPBlock [v1/networking]

The following table describes the parameters for IPBlock object:

Field Type Description

cidr

string

CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"

except

string array

Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range

NetworkPolicyEgressRule [v1/networking]

The following table describes the parameters for NetworkPolicyEgressRule object:

Field Type Description

ports

NetworkPolicyPort array

List of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.

to

NetworkPolicyPeer array

List of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a NetworkPolicy

HTTP request

post /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies

Table 1781. HTTP body
Object	Type
`body`	NetworkPolicy

Table 1782. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1783. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1784. HTTP responses
Code	Type
200 - OK	NetworkPolicy
201 - Created	NetworkPolicy
202 - Accepted	NetworkPolicy

Patch

partially update the specified NetworkPolicy

HTTP request

patch /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}

Table 1785. HTTP body
Object	Type
`body`	Patch

Table 1786. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1787. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1788. HTTP responses
Code	Type
200 - OK	NetworkPolicy

Replace

replace the specified NetworkPolicy

HTTP request

put /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}

Table 1789. HTTP body
Object	Type
`body`	NetworkPolicy

Table 1790. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1791. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1792. HTTP responses
Code	Type
200 - OK	NetworkPolicy
201 - Created	NetworkPolicy

Delete

delete a NetworkPolicy

HTTP request

delete /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}

Table 1793. HTTP body
Object	Type
`body`	DeleteOptions

Table 1794. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1795. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1796. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of NetworkPolicy

HTTP request

delete /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies

Table 1797. HTTP body
Object	Type
`body`	DeleteOptions

Table 1798. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1799. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1800. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified NetworkPolicy

HTTP request

get /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies/{name}

Table 1801. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1802. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1803. HTTP responses
Code	Type
200 - OK	NetworkPolicy

List

list or watch objects of kind NetworkPolicy

HTTP request

get /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies

Table 1804. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1805. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1806. HTTP responses
Code	Type
200 - OK	NetworkPolicyList

List All Namespaces

list or watch objects of kind NetworkPolicy

HTTP request

get /apis/networking.k8s.io/v1/networkpolicies

Table 1807. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1808. HTTP responses
Code	Type
200 - OK	NetworkPolicyList

Watch

watch changes to an object of kind NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies/{name}

Table 1809. Path parameters
Parameter	Description
`name`	name of the NetworkPolicy
`namespace`	object name and auth scope, such as for teams and projects

Table 1810. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1811. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/networking.k8s.io/v1/watch/namespaces/{namespace}/networkpolicies

Table 1812. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1813. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1814. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of NetworkPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/networking.k8s.io/v1/watch/networkpolicies

Table 1815. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1816. HTTP responses
Code	Type
200 - OK	WatchEvent

RuntimeClass v1beta1 node

Appears in

RuntimeClassList [node/v1beta1]

Definitions

RuntimeClass [v1beta1/node]

The following table describes the parameters for the RuntimeClass object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

handler

string

Handler specifies the underlying runtime and configuration that the CRI implementation will use to handle pods of this class. The possible values are specific to the node & CRI configuration. It is assumed that all handlers are available on every node, and handlers of the same name are equivalent on every node. For example, a handler called "runc" might specify that the runc OCI runtime (using native Linux containers) will be used to run the containers in a pod. The Handler must conform to the DNS Label (RFC 1123) requirements, and is immutable.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

overhead

Overhead

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. For more details, see https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.15, and is only honored by servers that enable the PodOverhead feature.

scheduling

Scheduling

Scheduling holds the scheduling constraints to ensure that pods running with this RuntimeClass are scheduled to nodes that support it. If scheduling is nil, this RuntimeClass is assumed to be supported by all nodes.

RuntimeClassList [v1beta1/node]

The following table describes the parameters for RuntimeClassList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

RuntimeClass array

Items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

Scheduling [v1beta1/node]

The following table describes the parameters for Scheduling object:

Field Type Description

nodeSelector

object

nodeSelector lists labels that must be present on nodes that support this RuntimeClass. Pods using this RuntimeClass can only be scheduled to a node matched by this selector. The RuntimeClass nodeSelector is merged with a pod’s existing nodeSelector. Any conflicts will cause the pod to be rejected in admission.

tolerations

Toleration array

tolerations are appended (excluding duplicates) to pods running with this RuntimeClass during admission, effectively unioning the set of nodes tolerated by the pod and the RuntimeClass.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

Overhead [v1beta1/node]

The following table describes the parameters for Overhead object:

Field Type Description

podFixed

object

PodFixed represents the fixed resource overhead associated with running a pod.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a RuntimeClass

HTTP request

post /apis/node.k8s.io/v1beta1/runtimeclasses

Table 1817. HTTP body
Object	Type
`body`	RuntimeClass

Table 1818. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1819. HTTP responses
Code	Type
200 - OK	RuntimeClass
201 - Created	RuntimeClass
202 - Accepted	RuntimeClass

Patch

partially update the specified RuntimeClass

HTTP request

patch /apis/node.k8s.io/v1beta1/runtimeclasses/{name}

Table 1820. HTTP body
Object	Type
`body`	Patch

Table 1821. Path parameters
Parameter	Description
`name`	name of the RuntimeClass

Table 1822. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1823. HTTP responses
Code	Type
200 - OK	RuntimeClass

Replace

replace the specified RuntimeClass

HTTP request

put /apis/node.k8s.io/v1beta1/runtimeclasses/{name}

Table 1824. HTTP body
Object	Type
`body`	RuntimeClass

Table 1825. Path parameters
Parameter	Description
`name`	name of the RuntimeClass

Table 1826. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1827. HTTP responses
Code	Type
200 - OK	RuntimeClass
201 - Created	RuntimeClass

Delete

delete a RuntimeClass

HTTP request

delete /apis/node.k8s.io/v1beta1/runtimeclasses/{name}

Table 1828. HTTP body
Object	Type
`body`	DeleteOptions

Table 1829. Path parameters
Parameter	Description
`name`	name of the RuntimeClass

Table 1830. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1831. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of RuntimeClass

HTTP request

delete /apis/node.k8s.io/v1beta1/runtimeclasses

Table 1832. HTTP body
Object	Type
`body`	DeleteOptions

Table 1833. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1834. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified RuntimeClass

HTTP request

get /apis/node.k8s.io/v1beta1/runtimeclasses/{name}

Table 1835. Path parameters
Parameter	Description
`name`	name of the RuntimeClass

Table 1836. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1837. HTTP responses
Code	Type
200 - OK	RuntimeClass

List

list or watch objects of kind RuntimeClass

HTTP request

get /apis/node.k8s.io/v1beta1/runtimeclasses

Table 1838. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1839. HTTP responses
Code	Type
200 - OK	RuntimeClassList

Watch

watch changes to an object of kind RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/node.k8s.io/v1beta1/watch/runtimeclasses/{name}

Table 1840. Path parameters
Parameter	Description
`name`	name of the RuntimeClass

Table 1841. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1842. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of RuntimeClass. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/node.k8s.io/v1beta1/watch/runtimeclasses

Table 1843. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1844. HTTP responses
Code	Type
200 - OK	WatchEvent

OAuthAccessToken v1 oauth.openshift.io

Appears in

OAuthAccessTokenList [oauth.openshift.io/v1]

Definitions

OAuthAccessToken [v1/oauth.openshift.io]

The following table describes the parameters for the OAuthAccessToken object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

authorizeToken

string

AuthorizeToken contains the token that authorized this token

clientName

string

ClientName references the client that created this token.

expiresIn

integer

ExpiresIn is the seconds from CreationTime before this token expires.

inactivityTimeoutSeconds

integer

InactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

redirectURI

string

RedirectURI is the redirection associated with the token.

refreshToken

string

RefreshToken is the value by which this token can be renewed. Can be blank.

scopes

string array

Scopes is an array of the requested scopes.

userName

string

UserName is the user name associated with this token

userUID

string

UserUID is the unique UID associated with this token

OAuthAccessTokenList [v1/oauth.openshift.io]

The following table describes the parameters for OAuthAccessTokenList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OAuthAccessToken array

Items is the list of OAuth access tokens

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OAuthAuthorizeToken v1 oauth.openshift.io

Appears in

OAuthAuthorizeTokenList [oauth.openshift.io/v1]

Definitions

OAuthAuthorizeToken [v1/oauth.openshift.io]

The following table describes the parameters for the OAuthAuthorizeToken object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

clientName

string

ClientName references the client that created this token.

codeChallenge

string

CodeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636

codeChallengeMethod

string

CodeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636

expiresIn

integer

ExpiresIn is the seconds from CreationTime before this token expires.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

redirectURI

string

RedirectURI is the redirection associated with the token.

scopes

string array

Scopes is an array of the requested scopes.

state

string

State data from request

userName

string

UserName is the user name associated with this token

userUID

string

UserUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.

OAuthAuthorizeTokenList [v1/oauth.openshift.io]

The following table describes the parameters for OAuthAuthorizeTokenList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OAuthAuthorizeToken array

Items is the list of OAuth authorization tokens

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OAuthClient v1 oauth.openshift.io

Appears in

OAuthClientList [oauth.openshift.io/v1]

Definitions

OAuthClient [v1/oauth.openshift.io]

The following table describes the parameters for the OAuthClient object:

Field Type Description

accessTokenInactivityTimeoutSeconds

integer

AccessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)

accessTokenMaxAgeSeconds

integer

AccessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.

additionalSecrets

string array

AdditionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

grantMethod

string

GrantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are: - auto: always approves grant requests, useful for trusted clients - prompt: prompts the end user for approval of grant requests, useful for third-party clients

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

redirectURIs

string array

RedirectURIs is the valid redirection URIs associated with a client

respondWithChallenges

boolean

RespondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects

scopeRestrictions

ScopeRestriction array

ScopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.

secret

string

Secret is the unique secret associated with a client

OAuthClientList [v1/oauth.openshift.io]

The following table describes the parameters for OAuthClientList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OAuthClient array

Items is the list of OAuth clients

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ScopeRestriction [v1/oauth.openshift.io]

The following table describes the parameters for ScopeRestriction object:

Field Type Description

clusterRole

ClusterRoleScopeRestriction

ClusterRole describes a set of restrictions for cluster role scoping.

literals

string array

ExactValues means the scope has to match a particular set of strings exactly

ClusterRoleScopeRestriction [v1/oauth.openshift.io]

The following table describes the parameters for ClusterRoleScopeRestriction object:

Field Type Description

allowEscalation

boolean

AllowEscalation indicates whether you can request roles and their escalating resources

namespaces

string array

Namespaces is the list of namespaces that can be referenced. * means any of them (including *)

roleNames

string array

RoleNames is the list of cluster roles that can referenced. * means anything

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OAuthClientAuthorization v1 oauth.openshift.io

Appears in

OAuthClientAuthorizationList [oauth.openshift.io/v1]

Definitions

OAuthClientAuthorization [v1/oauth.openshift.io]

The following table describes the parameters for the OAuthClientAuthorization object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

clientName

string

ClientName references the client that created this authorization

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

scopes

string array

Scopes is an array of the granted scopes.

userName

string

UserName is the user name that authorized this client

userUID

string

UserUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.

OAuthClientAuthorizationList [v1/oauth.openshift.io]

The following table describes the parameters for OAuthClientAuthorizationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OAuthClientAuthorization array

Items is the list of OAuth client authorizations

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Authentication v1 operator.openshift.io

Appears in

AuthenticationList [operator.openshift.io/v1]

Definitions

Authentication [v1/operator.openshift.io]

The following table describes the parameters for the Authentication object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

AuthenticationList [v1/operator.openshift.io]

The following table describes the parameters for AuthenticationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Authentication array

List of authentications. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Console v1 operator.openshift.io

Appears in

ConsoleList [operator.openshift.io/v1]

Definitions

Console [v1/operator.openshift.io]

The following table describes the parameters for the Console object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConsoleSpec is the specification of the desired behavior of the Console.

status

object

ConsoleStatus defines the observed status of the Console.

ConsoleList [v1/operator.openshift.io]

The following table describes the parameters for ConsoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Console array

List of consoles. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

DNS v1 operator.openshift.io

Appears in

DNSList [operator.openshift.io/v1]

Definitions

DNS [v1/operator.openshift.io]

The following table describes the parameters for the DNS object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the DNS.

status

object

status is the most recently observed status of the DNS.

DNSList [v1/operator.openshift.io]

The following table describes the parameters for DNSList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

DNS array

List of dnses. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ImageContentSourcePolicy v1alpha1 operator.openshift.io

Appears in

ImageContentSourcePolicyList [operator.openshift.io/v1alpha1]

Definitions

ImageContentSourcePolicy [v1alpha1/operator.openshift.io]

The following table describes the parameters for the ImageContentSourcePolicy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

ImageContentSourcePolicyList [v1alpha1/operator.openshift.io]

The following table describes the parameters for ImageContentSourcePolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ImageContentSourcePolicy array

List of imagecontentsourcepolicies. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

IngressController v1 operator.openshift.io

Appears in

IngressControllerList [operator.openshift.io/v1]

Definitions

IngressController [v1/operator.openshift.io]

The following table describes the parameters for the IngressController object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the IngressController.

status

object

status is the most recently observed status of the IngressController.

IngressControllerList [v1/operator.openshift.io]

The following table describes the parameters for IngressControllerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

IngressController array

List of ingresscontrollers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

KubeAPIServer v1 operator.openshift.io

Appears in

KubeAPIServerList [operator.openshift.io/v1]

Definitions

KubeAPIServer [v1/operator.openshift.io]

The following table describes the parameters for the KubeAPIServer object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes API Server

status

object

status is the most recently observed status of the Kubernetes API Server

KubeAPIServerList [v1/operator.openshift.io]

The following table describes the parameters for KubeAPIServerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

KubeAPIServer array

List of kubeapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

KubeControllerManager v1 operator.openshift.io

Appears in

KubeControllerManagerList [operator.openshift.io/v1]

Definitions

KubeControllerManager [v1/operator.openshift.io]

The following table describes the parameters for the KubeControllerManager object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes Controller Manager

status

object

status is the most recently observed status of the Kubernetes Controller Manager

KubeControllerManagerList [v1/operator.openshift.io]

The following table describes the parameters for KubeControllerManagerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

KubeControllerManager array

List of kubecontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

KubeScheduler v1 operator.openshift.io

Appears in

KubeSchedulerList [operator.openshift.io/v1]

Definitions

KubeScheduler [v1/operator.openshift.io]

The following table describes the parameters for the KubeScheduler object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the Kubernetes Scheduler

status

object

status is the most recently observed status of the Kubernetes Scheduler

KubeSchedulerList [v1/operator.openshift.io]

The following table describes the parameters for KubeSchedulerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

KubeScheduler array

List of kubeschedulers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

KubeStorageVersionMigrator v1 operator.openshift.io

Appears in

KubeStorageVersionMigratorList [operator.openshift.io/v1]

Definitions

KubeStorageVersionMigrator [v1/operator.openshift.io]

The following table describes the parameters for the KubeStorageVersionMigrator object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

KubeStorageVersionMigratorList [v1/operator.openshift.io]

The following table describes the parameters for KubeStorageVersionMigratorList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

KubeStorageVersionMigrator array

List of kubestorageversionmigrators. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Network v1 operator.openshift.io

Appears in

NetworkList [operator.openshift.io/v1]

Definitions

Network [v1/operator.openshift.io]

The following table describes the parameters for the Network object:

Field

Type

Description

NetworkList [v1/operator.openshift.io]

The following table describes the parameters for NetworkList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Network array

List of networks. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

OpenShiftAPIServer v1 operator.openshift.io

Appears in

OpenShiftAPIServerList [operator.openshift.io/v1]

Definitions

OpenShiftAPIServer [v1/operator.openshift.io]

The following table describes the parameters for the OpenShiftAPIServer object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of the OpenShift API Server.

status

object

status defines the observed status of the OpenShift API Server.

OpenShiftAPIServerList [v1/operator.openshift.io]

The following table describes the parameters for OpenShiftAPIServerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OpenShiftAPIServer array

List of openshiftapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

OpenShiftControllerManager v1 operator.openshift.io

Appears in

OpenShiftControllerManagerList [operator.openshift.io/v1]

Definitions

OpenShiftControllerManager [v1/operator.openshift.io]

The following table describes the parameters for the OpenShiftControllerManager object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

OpenShiftControllerManagerList [v1/operator.openshift.io]

The following table describes the parameters for OpenShiftControllerManagerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OpenShiftControllerManager array

List of openshiftcontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ServiceCA v1 operator.openshift.io

Appears in

ServiceCAList [operator.openshift.io/v1]

Definitions

ServiceCA [v1/operator.openshift.io]

The following table describes the parameters for the ServiceCA object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec holds user settable values for configuration

status

object

status holds observed values from the cluster. They may not be overridden.

ServiceCAList [v1/operator.openshift.io]

The following table describes the parameters for ServiceCAList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ServiceCA array

List of servicecas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ServiceCatalogAPIServer v1 operator.openshift.io

Appears in

ServiceCatalogAPIServerList [operator.openshift.io/v1]

Definitions

ServiceCatalogAPIServer [v1/operator.openshift.io]

The following table describes the parameters for the ServiceCatalogAPIServer object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

ServiceCatalogAPIServerList [v1/operator.openshift.io]

The following table describes the parameters for ServiceCatalogAPIServerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ServiceCatalogAPIServer array

List of servicecatalogapiservers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ServiceCatalogControllerManager v1 operator.openshift.io

Appears in

ServiceCatalogControllerManagerList [operator.openshift.io/v1]

Definitions

ServiceCatalogControllerManager [v1/operator.openshift.io]

The following table describes the parameters for the ServiceCatalogControllerManager object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

status

object

ServiceCatalogControllerManagerList [v1/operator.openshift.io]

The following table describes the parameters for ServiceCatalogControllerManagerList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ServiceCatalogControllerManager array

List of servicecatalogcontrollermanagers. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

CatalogSource v1alpha1 operators.coreos.com

Appears in

CatalogSourceList [operators.coreos.com/v1alpha1]

Definitions

CatalogSource [v1alpha1/operators.coreos.com]

The following table describes the parameters for the CatalogSource object:

Field

Type

Description

CatalogSourceList [v1alpha1/operators.coreos.com]

The following table describes the parameters for CatalogSourceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CatalogSource array

List of catalogsources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

CatalogSourceConfig v1 operators.coreos.com

Appears in

CatalogSourceConfigList [operators.coreos.com/v1]

Definitions

CatalogSourceConfig [v1/operators.coreos.com]

The following table describes the parameters for the CatalogSourceConfig object:

Field

Type

Description

CatalogSourceConfigList [v1/operators.coreos.com]

The following table describes the parameters for CatalogSourceConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CatalogSourceConfig array

List of catalogsourceconfigs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

ClusterServiceVersion v1alpha1 operators.coreos.com

Appears in

ClusterServiceVersionList [operators.coreos.com/v1alpha1]

Definitions

ClusterServiceVersion [v1alpha1/operators.coreos.com]

The following table describes the parameters for the ClusterServiceVersion object:

Field

Type

Description

ClusterServiceVersionList [v1alpha1/operators.coreos.com]

The following table describes the parameters for ClusterServiceVersionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterServiceVersion array

List of clusterserviceversions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

InstallPlan v1alpha1 operators.coreos.com

Appears in

InstallPlanList [operators.coreos.com/v1alpha1]

Definitions

InstallPlan [v1alpha1/operators.coreos.com]

The following table describes the parameters for the InstallPlan object:

Field

Type

Description

InstallPlanList [v1alpha1/operators.coreos.com]

The following table describes the parameters for InstallPlanList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

InstallPlan array

List of installplans. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

OperatorGroup v1 operators.coreos.com

Appears in

OperatorGroupList [operators.coreos.com/v1]

Definitions

OperatorGroup [v1/operators.coreos.com]

The following table describes the parameters for the OperatorGroup object:

Field

Type

Description

OperatorGroupList [v1/operators.coreos.com]

The following table describes the parameters for OperatorGroupList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OperatorGroup array

List of operatorgroups. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

OperatorSource v1 operators.coreos.com

Appears in

OperatorSourceList [operators.coreos.com/v1]

Definitions

OperatorSource [v1/operators.coreos.com]

The following table describes the parameters for the OperatorSource object:

Field

Type

Description

OperatorSourceList [v1/operators.coreos.com]

The following table describes the parameters for OperatorSourceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

OperatorSource array

List of operatorsources. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

Subscription v1alpha1 operators.coreos.com

Appears in

SubscriptionList [operators.coreos.com/v1alpha1]

Definitions

Subscription [v1alpha1/operators.coreos.com]

The following table describes the parameters for the Subscription object:

Field

Type

Description

SubscriptionList [v1alpha1/operators.coreos.com]

The following table describes the parameters for SubscriptionList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Subscription array

List of subscriptions. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

Operations

PackageManifest v1 packages.operators.coreos.com

Appears in

PackageManifestList [packages.operators.coreos.com/v1]

Definitions

PackageManifest [v1/packages.operators.coreos.com]

The following table describes the parameters for the PackageManifest object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

PackageManifestSpec

status

PackageManifestStatus

PackageManifestSpec [v1/packages.operators.coreos.com]

The following table describes the parameters for PackageManifestSpec object:

Field

Type

Description

PackageManifestStatus [v1/packages.operators.coreos.com]

The following table describes the parameters for PackageManifestStatus object:

Field Type Description

catalogSource

string

CatalogSource is the name of the CatalogSource this package belongs to

catalogSourceDisplayName

string

catalogSourceNamespace

string

CatalogSourceNamespace is the namespace of the owning CatalogSource

catalogSourcePublisher

string

channels

PackageChannel array

Channels are the declared channels for the package, ala stable or alpha.

defaultChannel

string

DefaultChannel is, if specified, the name of the default channel for the package. The default channel will be installed if no other channel is explicitly given. If the package has a single channel, then that channel is implicitly the default.

packageName

string

PackageName is the name of the overall package, ala etcd.

provider

AppLink

Provider is the provider of the PackageManifest’s default CSV

PackageManifestList [v1/packages.operators.coreos.com]

The following table describes the parameters for PackageManifestList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PackageManifest array

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

AppLink [v1/packages.operators.coreos.com]

The following table describes the parameters for AppLink object:

Field Type Description

name

string

url

string

PackageChannel [v1/packages.operators.coreos.com]

The following table describes the parameters for PackageChannel object:

Field Type Description

currentCSV

string

CurrentCSV defines a reference to the CSV holding the version of this package currently for the channel.

currentCSVDesc

CSVDescription

CurrentCSVSpec holds the spec of the current CSV

name

string

Name is the name of the channel, e.g. alpha or stable

CSVDescription [v1/packages.operators.coreos.com]

The following table describes the parameters for CSVDescription object:

Field Type Description

annotations

object

apiservicedefinitions

APIServiceDefinitions

customresourcedefinitions

CustomResourceDefinitions

description

string

LongDescription is the CSV’s description

displayName

string

DisplayName is the CSV’s display name

icon

Icon array

Icon is the CSV’s base64 encoded icon

installModes

InstallMode array

InstallModes specify supported installation types

provider

AppLink

Provider is the CSV’s provider

version

Version is the CSV’s semantic version

InstallMode [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for InstallMode object:

Field Type Description

supported

boolean

type

string

Icon [v1/packages.operators.coreos.com]

The following table describes the parameters for Icon object:

Field Type Description

base64data

string

mediatype

string

CustomResourceDefinitions [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for CustomResourceDefinitions object:

Field Type Description

owned

CRDDescription array

required

CRDDescription array

CRDDescription [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for CRDDescription object:

Field Type Description

actionDescriptors

ActionDescriptor array

description

string

displayName

string

kind

string

name

string

resources

APIResourceReference array

specDescriptors

SpecDescriptor array

statusDescriptors

StatusDescriptor array

version

string

StatusDescriptor [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for StatusDescriptor object:

Field Type Description

description

string

displayName

string

path

string

value

string

x-descriptors

string array

SpecDescriptor [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for SpecDescriptor object:

Field Type Description

description

string

displayName

string

path

string

value

string

x-descriptors

string array

APIResourceReference [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for APIResourceReference object:

Field Type Description

kind

string

name

string

version

string

ActionDescriptor [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for ActionDescriptor object:

Field Type Description

description

string

displayName

string

path

string

value

string

x-descriptors

string array

APIServiceDefinitions [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for APIServiceDefinitions object:

Field Type Description

owned

APIServiceDescription array

required

APIServiceDescription array

APIServiceDescription [v1alpha1/packages.operators.coreos.com]

The following table describes the parameters for APIServiceDescription object:

Field Type Description

actionDescriptors

ActionDescriptor array

containerPort

integer

deploymentName

string

description

string

displayName

string

group

string

kind

string

name

string

resources

APIResourceReference array

specDescriptors

SpecDescriptor array

statusDescriptors

StatusDescriptor array

version

string

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

PodDisruptionBudget v1beta1 policy

Appears in

PodDisruptionBudgetList [policy/v1beta1]

Definitions

PodDisruptionBudget [v1beta1/policy]

The following table describes the parameters for the PodDisruptionBudget object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

spec

PodDisruptionBudgetSpec

Specification of the desired behavior of the PodDisruptionBudget.

status

PodDisruptionBudgetStatus

Most recently observed status of the PodDisruptionBudget.

PodDisruptionBudgetSpec [v1beta1/policy]

The following table describes the parameters for PodDisruptionBudgetSpec object:

Field Type Description

maxUnavailable

An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".

minAvailable

An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".

selector

LabelSelector

Label query over pods whose evictions are managed by the disruption budget.

PodDisruptionBudgetStatus [v1beta1/policy]

The following table describes the parameters for PodDisruptionBudgetStatus object:

Field Type Description

currentHealthy

integer

current number of healthy pods

desiredHealthy

integer

minimum desired number of healthy pods

disruptedPods

object

DisruptedPods contains information about pods whose eviction was processed by the API server eviction subresource handler but has not yet been observed by the PodDisruptionBudget controller. A pod will be in this map from the time when the API server processed the eviction request to the time when the pod is seen by PDB controller as having been marked for deletion (or after a timeout). The key in the map is the name of the pod and the value is the time when the API server processed the eviction request. If the deletion didn’t occur and a pod is still there it will be removed from the list automatically by PodDisruptionBudget controller after some time. If everything goes smooth this map should be empty for the most of the time. Large number of entries in the map may indicate problems with pod deletions.

disruptionsAllowed

integer

Number of pod disruptions that are currently allowed.

expectedPods

integer

total number of pods counted by this disruption budget

observedGeneration

integer

Most recent generation observed when updating this PDB status. PodDisruptionsAllowed and other status informatio is valid only if observedGeneration equals to PDB’s object generation.

PodDisruptionBudgetList [v1beta1/policy]

The following table describes the parameters for PodDisruptionBudgetList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PodDisruptionBudget array

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PodDisruptionBudget

HTTP request

post /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets

Table 1845. HTTP body
Object	Type
`body`	PodDisruptionBudget

Table 1846. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1847. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1848. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget
201 - Created	PodDisruptionBudget
202 - Accepted	PodDisruptionBudget

Patch

partially update the specified PodDisruptionBudget

HTTP request

patch /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}

Table 1849. HTTP body
Object	Type
`body`	Patch

Table 1850. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1851. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1852. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget

Replace

replace the specified PodDisruptionBudget

HTTP request

put /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}

Table 1853. HTTP body
Object	Type
`body`	PodDisruptionBudget

Table 1854. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1855. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1856. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget
201 - Created	PodDisruptionBudget

Delete

delete a PodDisruptionBudget

HTTP request

delete /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}

Table 1857. HTTP body
Object	Type
`body`	DeleteOptions

Table 1858. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1859. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1860. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PodDisruptionBudget

HTTP request

delete /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets

Table 1861. HTTP body
Object	Type
`body`	DeleteOptions

Table 1862. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1863. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1864. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PodDisruptionBudget

HTTP request

get /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}

Table 1865. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1866. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1867. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget

List

list or watch objects of kind PodDisruptionBudget

HTTP request

get /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets

Table 1868. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1869. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1870. HTTP responses
Code	Type
200 - OK	PodDisruptionBudgetList

List All Namespaces

list or watch objects of kind PodDisruptionBudget

HTTP request

get /apis/policy/v1beta1/poddisruptionbudgets

Table 1871. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1872. HTTP responses
Code	Type
200 - OK	PodDisruptionBudgetList

Watch

watch changes to an object of kind PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/policy/v1beta1/watch/namespaces/{namespace}/poddisruptionbudgets/{name}

Table 1873. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1874. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1875. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/policy/v1beta1/watch/namespaces/{namespace}/poddisruptionbudgets

Table 1876. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1877. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1878. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of PodDisruptionBudget. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/policy/v1beta1/watch/poddisruptionbudgets

Table 1879. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1880. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified PodDisruptionBudget

HTTP request

patch /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}/status

Table 1881. HTTP body
Object	Type
`body`	Patch

Table 1882. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1883. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1884. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget

Read Status

read status of the specified PodDisruptionBudget

HTTP request

get /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}/status

Table 1885. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1886. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1887. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget

Replace Status

replace status of the specified PodDisruptionBudget

HTTP request

put /apis/policy/v1beta1/namespaces/{namespace}/poddisruptionbudgets/{name}/status

Table 1888. HTTP body
Object	Type
`body`	PodDisruptionBudget

Table 1889. Path parameters
Parameter	Description
`name`	name of the PodDisruptionBudget
`namespace`	object name and auth scope, such as for teams and projects

Table 1890. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1891. HTTP responses
Code	Type
200 - OK	PodDisruptionBudget
201 - Created	PodDisruptionBudget

PodSecurityPolicy v1beta1 policy

Appears in

PodSecurityPolicyList [policy/v1beta1]

Definitions

PodSecurityPolicy [v1beta1/policy]

The following table describes the parameters for the PodSecurityPolicy object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSecurityPolicySpec

spec defines the policy enforced.

PodSecurityPolicySpec [v1beta1/policy]

The following table describes the parameters for PodSecurityPolicySpec object:

Field Type Description

allowPrivilegeEscalation

boolean

allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.

allowedCSIDrivers

AllowedCSIDriver array

AllowedCSIDrivers is a whitelist of inline CSI drivers that must be explicitly set to be embedded within a pod spec. An empty value indicates that any CSI driver can be used for inline ephemeral volumes. This is an alpha field, and is only honored if the API server enables the CSIInlineVolume feature gate.

allowedCapabilities

string array

allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field may be added at the pod author’s discretion. You must not list a capability in both allowedCapabilities and requiredDropCapabilities.

allowedFlexVolumes

AllowedFlexVolume array

allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "volumes" field.

allowedHostPaths

AllowedHostPath array

allowedHostPaths is a white list of allowed host paths. Empty indicates that all host paths may be used.

allowedProcMountTypes

string array

AllowedProcMountTypes is a whitelist of allowed ProcMountTypes. Empty or nil indicates that only the DefaultProcMountType may be used. This requires the ProcMountType feature flag to be enabled.

allowedUnsafeSysctls

string array

allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.

Examples: e.g. "foo/" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.

defaultAddCapabilities

string array

defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capability in both defaultAddCapabilities and requiredDropCapabilities. Capabilities added here are implicitly allowed, and need not be included in the allowedCapabilities list.

defaultAllowPrivilegeEscalation

boolean

defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.

forbiddenSysctls

string array

forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.

Examples: e.g. "foo/" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.

fsGroup

FSGroupStrategyOptions

fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.

hostIPC

boolean

hostIPC determines if the policy allows the use of HostIPC in the pod spec.

hostNetwork

boolean

hostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

hostPID

boolean

hostPID determines if the policy allows the use of HostPID in the pod spec.

hostPorts

HostPortRange array

hostPorts determines which host port ranges are allowed to be exposed.

privileged

boolean

privileged determines if a pod can request to be run as privileged.

readOnlyRootFilesystem

boolean

readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the PSP should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.

requiredDropCapabilities

string array

requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.

runAsGroup

RunAsGroupStrategyOptions

RunAsGroup is the strategy that will dictate the allowable RunAsGroup values that may be set. If this field is omitted, the pod’s RunAsGroup can take any value. This field requires the RunAsGroup feature gate to be enabled.

runAsUser

RunAsUserStrategyOptions

runAsUser is the strategy that will dictate the allowable RunAsUser values that may be set.

runtimeClass

RuntimeClassStrategyOptions

runtimeClass is the strategy that will dictate the allowable RuntimeClasses for a pod. If this field is omitted, the pod’s runtimeClassName field is unrestricted. Enforcement of this field depends on the RuntimeClass feature gate being enabled.

seLinux

SELinuxStrategyOptions

seLinux is the strategy that will dictate the allowable labels that may be set.

supplementalGroups

SupplementalGroupsStrategyOptions

supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.

volumes

string array

volumes is a white list of allowed volume plugins. Empty indicates that no volumes may be used. To allow all volumes you may use '*'.

PodSecurityPolicyList [v1beta1/policy]

The following table describes the parameters for PodSecurityPolicyList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PodSecurityPolicy array

items is a list of schema objects.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

SupplementalGroupsStrategyOptions [v1beta1/policy]

The following table describes the parameters for SupplementalGroupsStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.

IDRange [v1beta1/policy]

The following table describes the parameters for IDRange object:

Field Type Description

max

integer

max is the end of the range, inclusive.

min

integer

min is the start of the range, inclusive.

SELinuxStrategyOptions [v1beta1/policy]

The following table describes the parameters for SELinuxStrategyOptions object:

Field Type Description

rule

string

rule is the strategy that will dictate the allowable labels that may be set.

seLinuxOptions

SELinuxOptions

seLinuxOptions required to run as; required for MustRunAs More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

RuntimeClassStrategyOptions [v1beta1/policy]

The following table describes the parameters for RuntimeClassStrategyOptions object:

Field Type Description

allowedRuntimeClassNames

string array

allowedRuntimeClassNames is a whitelist of RuntimeClass names that may be specified on a pod. A value of "*" means that any RuntimeClass name is allowed, and must be the only item in the list. An empty list requires the RuntimeClassName field to be unset.

defaultRuntimeClassName

string

defaultRuntimeClassName is the default RuntimeClassName to set on the pod. The default MUST be allowed by the allowedRuntimeClassNames list. A value of nil does not mutate the Pod.

RunAsUserStrategyOptions [v1beta1/policy]

The following table describes the parameters for RunAsUserStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of uids that may be used. If you would like to force a single uid then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate the allowable RunAsUser values that may be set.

RunAsGroupStrategyOptions [v1beta1/policy]

The following table describes the parameters for RunAsGroupStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of gids that may be used. If you would like to force a single gid then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate the allowable RunAsGroup values that may be set.

HostPortRange [v1beta1/policy]

The following table describes the parameters for HostPortRange object:

Field Type Description

max

integer

max is the end of the range, inclusive.

min

integer

min is the start of the range, inclusive.

FSGroupStrategyOptions [v1beta1/policy]

The following table describes the parameters for FSGroupStrategyOptions object:

Field Type Description

ranges

IDRange array

ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end. Required for MustRunAs.

rule

string

rule is the strategy that will dictate what FSGroup is used in the SecurityContext.

AllowedHostPath [v1beta1/policy]

The following table describes the parameters for AllowedHostPath object:

Field Type Description

pathPrefix

string

pathPrefix is the path prefix that the host volume must match. It does not support *. Trailing slashes are trimmed when validating the path prefix with a host path.

Examples: /foo would allow /foo, /foo/ and /foo/bar /foo would not allow /food or /etc/foo

readOnly

boolean

when set to true, will allow host volumes matching the pathPrefix only if all volume mounts are readOnly.

AllowedFlexVolume [v1beta1/policy]

The following table describes the parameters for AllowedFlexVolume object:

Field Type Description

driver

string

driver is the name of the Flexvolume driver.

AllowedCSIDriver [v1beta1/policy]

The following table describes the parameters for AllowedCSIDriver object:

Field Type Description

name

string

Name is the registered name of the CSI driver

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PodSecurityPolicy

HTTP request

post /apis/policy/v1beta1/podsecuritypolicies

Table 1892. HTTP body
Object	Type
`body`	PodSecurityPolicy

Table 1893. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1894. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy
201 - Created	PodSecurityPolicy
202 - Accepted	PodSecurityPolicy

Patch

partially update the specified PodSecurityPolicy

HTTP request

patch /apis/policy/v1beta1/podsecuritypolicies/{name}

Table 1895. HTTP body
Object	Type
`body`	Patch

Table 1896. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1897. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1898. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy

Replace

replace the specified PodSecurityPolicy

HTTP request

put /apis/policy/v1beta1/podsecuritypolicies/{name}

Table 1899. HTTP body
Object	Type
`body`	PodSecurityPolicy

Table 1900. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1901. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1902. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy
201 - Created	PodSecurityPolicy

Delete

delete a PodSecurityPolicy

HTTP request

delete /apis/policy/v1beta1/podsecuritypolicies/{name}

Table 1903. HTTP body
Object	Type
`body`	DeleteOptions

Table 1904. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1905. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1906. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PodSecurityPolicy

HTTP request

delete /apis/policy/v1beta1/podsecuritypolicies

Table 1907. HTTP body
Object	Type
`body`	DeleteOptions

Table 1908. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1909. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PodSecurityPolicy

HTTP request

get /apis/policy/v1beta1/podsecuritypolicies/{name}

Table 1910. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1911. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 1912. HTTP responses
Code	Type
200 - OK	PodSecurityPolicy

List

list or watch objects of kind PodSecurityPolicy

HTTP request

get /apis/policy/v1beta1/podsecuritypolicies

Table 1913. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1914. HTTP responses
Code	Type
200 - OK	PodSecurityPolicyList

Watch

watch changes to an object of kind PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/policy/v1beta1/watch/podsecuritypolicies/{name}

Table 1915. Path parameters
Parameter	Description
`name`	name of the PodSecurityPolicy

Table 1916. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1917. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PodSecurityPolicy. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/policy/v1beta1/watch/podsecuritypolicies

Table 1918. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1919. HTTP responses
Code	Type
200 - OK	WatchEvent

Project v1 project.openshift.io

Appears in

ProjectList [project.openshift.io/v1]

Definitions

Project [v1/project.openshift.io]

The following table describes the parameters for the Project object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

ProjectSpec

Spec defines the behavior of the Namespace.

status

ProjectStatus

Status describes the current status of a Namespace

ProjectSpec [v1/project.openshift.io]

The following table describes the parameters for ProjectSpec object:

Field Type Description

finalizers

string array

Finalizers is an opaque list of values that must be empty to permanently remove object from storage

ProjectStatus [v1/project.openshift.io]

The following table describes the parameters for ProjectStatus object:

Field Type Description

conditions

NamespaceCondition array

Represents the latest available observations of the project current state.

phase

string

Phase is the current lifecycle phase of the project

ProjectList [v1/project.openshift.io]

The following table describes the parameters for ProjectList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Project array

Items is the list of projects

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

NamespaceCondition [v1/core]

The following table describes the parameters for NamespaceCondition object:

Field Type Description

lastTransitionTime

Time

message

string

reason

string

status

string

Status of the condition, one of True, False, Unknown.

type

string

Type of namespace controller condition.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ProjectRequest v1 project.openshift.io

Definitions

ProjectRequest [v1/project.openshift.io]

The following table describes the parameters for the ProjectRequest object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

description

string

Description is the description to apply to a project

displayName

string

DisplayName is the display name to apply to a project

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

AppliedClusterResourceQuota v1 quota.openshift.io

Appears in

AppliedClusterResourceQuotaList [quota.openshift.io/v1]

Definitions

AppliedClusterResourceQuota [v1/quota.openshift.io]

The following table describes the parameters for the AppliedClusterResourceQuota object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

ClusterResourceQuotaSpec

Spec defines the desired quota

status

ClusterResourceQuotaStatus

Status defines the actual enforced quota and its current usage

AppliedClusterResourceQuotaList [v1/quota.openshift.io]

The following table describes the parameters for AppliedClusterResourceQuotaList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

AppliedClusterResourceQuota array

Items is a list of AppliedClusterResourceQuota

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ClusterResourceQuotaStatus [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaStatus object:

Field Type Description

namespaces

ResourceQuotaStatusByNamespace array

Namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.

total

ResourceQuotaStatus

Total defines the actual enforced quota and its current usage across all projects

ResourceQuotaStatus [v1/core]

The following table describes the parameters for ResourceQuotaStatus object:

Field Type Description

hard

object

Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/

used

object

Used is the current observed total usage of the resource in the namespace.

ResourceQuotaStatusByNamespace [v1/quota.openshift.io]

The following table describes the parameters for ResourceQuotaStatusByNamespace object:

Field Type Description

namespace

string

Namespace the project this status applies to

status

ResourceQuotaStatus

Status indicates how many resources have been consumed by this project

ClusterResourceQuotaSpec [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaSpec object:

Field Type Description

quota

ResourceQuotaSpec

Quota defines the desired quota

selector

ClusterResourceQuotaSelector

Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.

ClusterResourceQuotaSelector [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaSelector object:

Field Type Description

annotations

object

AnnotationSelector is used to select projects by annotation.

labels

LabelSelector

LabelSelector is used to select projects by label.

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ResourceQuotaSpec [v1/core]

The following table describes the parameters for ResourceQuotaSpec object:

Field Type Description

hard

object

hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/

scopeSelector

ScopeSelector

scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.

scopes

string array

A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.

ScopeSelector [v1/core]

The following table describes the parameters for ScopeSelector object:

Field Type Description

matchExpressions

ScopedResourceSelectorRequirement array

A list of scope selector requirements by scope of the resources.

ScopedResourceSelectorRequirement [v1/core]

The following table describes the parameters for ScopedResourceSelectorRequirement object:

Field Type Description

operator

string

Represents a scope’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.

scopeName

string

The name of the scope that the selector applies to.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ClusterResourceQuota v1 quota.openshift.io

Appears in

ClusterResourceQuotaList [quota.openshift.io/v1]

Definitions

ClusterResourceQuota [v1/quota.openshift.io]

The following table describes the parameters for the ClusterResourceQuota object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

Spec defines the desired quota

status

object

Status defines the actual enforced quota and its current usage

ClusterResourceQuotaSpec [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaSpec object:

Field Type Description

quota

ResourceQuotaSpec

Quota defines the desired quota

selector

ClusterResourceQuotaSelector

Selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.

ClusterResourceQuotaStatus [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaStatus object:

Field Type Description

namespaces

ResourceQuotaStatusByNamespace array

Namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.

total

ResourceQuotaStatus

Total defines the actual enforced quota and its current usage across all projects

ClusterResourceQuotaList [v1/quota.openshift.io]

The following table describes the parameters for ClusterResourceQuotaList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterResourceQuota array

List of clusterresourcequotas. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

ClusterRole v1 rbac

Appears in

ClusterRoleList [rbac/v1]

Definitions

ClusterRole [v1/rbac]

The following table describes the parameters for the ClusterRole object:

Field Type Description

aggregationRule

AggregationRule

AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata.

rules

PolicyRule array

Rules holds all the PolicyRules for this ClusterRole

ClusterRoleList [v1/rbac]

The following table describes the parameters for ClusterRoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterRole array

Items is a list of ClusterRoles

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata.

PolicyRule [v1/rbac]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.

nonResourceURLs

string array

NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

AggregationRule [v1/rbac]

The following table describes the parameters for AggregationRule object:

Field Type Description

clusterRoleSelectors

LabelSelector array

ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole’s permissions will be added

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Operations

Write Operations

Create

create a ClusterRole

HTTP request

post /apis/rbac.authorization.k8s.io/v1/clusterroles

Table 1920. HTTP body
Object	Type
`body`	ClusterRole

Table 1921. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1922. HTTP responses
Code	Type
200 - OK	ClusterRole
201 - Created	ClusterRole
202 - Accepted	ClusterRole

Patch

partially update the specified ClusterRole

HTTP request

patch /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Table 1923. HTTP body
Object	Type
`body`	Patch

Table 1924. Path parameters
Parameter	Description
`name`	name of the ClusterRole

Table 1925. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1926. HTTP responses
Code	Type
200 - OK	ClusterRole

Replace

replace the specified ClusterRole

HTTP request

put /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Table 1927. HTTP body
Object	Type
`body`	ClusterRole

Table 1928. Path parameters
Parameter	Description
`name`	name of the ClusterRole

Table 1929. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1930. HTTP responses
Code	Type
200 - OK	ClusterRole
201 - Created	ClusterRole

Delete

delete a ClusterRole

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Table 1931. HTTP body
Object	Type
`body`	DeleteOptions

Table 1932. Path parameters
Parameter	Description
`name`	name of the ClusterRole

Table 1933. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1934. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ClusterRole

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/clusterroles

Table 1935. HTTP body
Object	Type
`body`	DeleteOptions

Table 1936. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1937. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ClusterRole

HTTP request

get /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}

Table 1938. Path parameters
Parameter	Description
`name`	name of the ClusterRole

Table 1939. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1940. HTTP responses
Code	Type
200 - OK	ClusterRole

List

list or watch objects of kind ClusterRole

HTTP request

get /apis/rbac.authorization.k8s.io/v1/clusterroles

Table 1941. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1942. HTTP responses
Code	Type
200 - OK	ClusterRoleList

Watch

watch changes to an object of kind ClusterRole. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/clusterroles/{name}

Table 1943. Path parameters
Parameter	Description
`name`	name of the ClusterRole

Table 1944. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1945. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ClusterRole. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/clusterroles

Table 1946. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1947. HTTP responses
Code	Type
200 - OK	WatchEvent

ClusterRoleBinding v1 rbac

Appears in

ClusterRoleBindingList [rbac/v1]

Definitions

ClusterRoleBinding [v1/rbac]

The following table describes the parameters for the ClusterRoleBinding object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata.

roleRef

RoleRef

RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.

subjects

Subject array

Subjects holds references to the objects the role applies to.

ClusterRoleBindingList [v1/rbac]

The following table describes the parameters for ClusterRoleBindingList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

ClusterRoleBinding array

Items is a list of ClusterRoleBindings

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata.

Subject [v1/rbac]

The following table describes the parameters for Subject object:

Field Type Description

apiGroup

string

APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.

kind

string

Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.

name

string

Name of the object being referenced.

namespace

string

Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.

RoleRef [v1/rbac]

The following table describes the parameters for RoleRef object:

Field Type Description

apiGroup

string

APIGroup is the group for the resource being referenced

kind

string

Kind is the type of resource being referenced

name

string

Name is the name of resource being referenced

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a ClusterRoleBinding

HTTP request

post /apis/rbac.authorization.k8s.io/v1/clusterrolebindings

Table 1948. HTTP body
Object	Type
`body`	ClusterRoleBinding

Table 1949. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1950. HTTP responses
Code	Type
200 - OK	ClusterRoleBinding
201 - Created	ClusterRoleBinding
202 - Accepted	ClusterRoleBinding

Patch

partially update the specified ClusterRoleBinding

HTTP request

patch /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}

Table 1951. HTTP body
Object	Type
`body`	Patch

Table 1952. Path parameters
Parameter	Description
`name`	name of the ClusterRoleBinding

Table 1953. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1954. HTTP responses
Code	Type
200 - OK	ClusterRoleBinding

Replace

replace the specified ClusterRoleBinding

HTTP request

put /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}

Table 1955. HTTP body
Object	Type
`body`	ClusterRoleBinding

Table 1956. Path parameters
Parameter	Description
`name`	name of the ClusterRoleBinding

Table 1957. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1958. HTTP responses
Code	Type
200 - OK	ClusterRoleBinding
201 - Created	ClusterRoleBinding

Delete

delete a ClusterRoleBinding

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}

Table 1959. HTTP body
Object	Type
`body`	DeleteOptions

Table 1960. Path parameters
Parameter	Description
`name`	name of the ClusterRoleBinding

Table 1961. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1962. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of ClusterRoleBinding

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/clusterrolebindings

Table 1963. HTTP body
Object	Type
`body`	DeleteOptions

Table 1964. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1965. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified ClusterRoleBinding

HTTP request

get /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/{name}

Table 1966. Path parameters
Parameter	Description
`name`	name of the ClusterRoleBinding

Table 1967. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1968. HTTP responses
Code	Type
200 - OK	ClusterRoleBinding

List

list or watch objects of kind ClusterRoleBinding

HTTP request

get /apis/rbac.authorization.k8s.io/v1/clusterrolebindings

Table 1969. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1970. HTTP responses
Code	Type
200 - OK	ClusterRoleBindingList

Watch

watch changes to an object of kind ClusterRoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings/{name}

Table 1971. Path parameters
Parameter	Description
`name`	name of the ClusterRoleBinding

Table 1972. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1973. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of ClusterRoleBinding. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/clusterrolebindings

Table 1974. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1975. HTTP responses
Code	Type
200 - OK	WatchEvent

Role v1 rbac

Appears in

RoleList [rbac/v1]

Definitions

Role [v1/rbac]

The following table describes the parameters for the Role object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata.

rules

PolicyRule array

Rules holds all the PolicyRules for this Role

RoleList [v1/rbac]

The following table describes the parameters for RoleList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Role array

Items is a list of Roles

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata.

PolicyRule [v1/rbac]

The following table describes the parameters for PolicyRule object:

Field Type Description

apiGroups

string array

APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.

nonResourceURLs

string array

NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.

resourceNames

string array

ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.

resources

string array

Resources is a list of resources this rule applies to. ResourceAll represents all resources.

verbs

string array

Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a Role

HTTP request

post /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles

Table 1976. HTTP body
Object	Type
`body`	Role

Table 1977. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1978. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1979. HTTP responses
Code	Type
200 - OK	Role
201 - Created	Role
202 - Accepted	Role

Patch

partially update the specified Role

HTTP request

patch /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}

Table 1980. HTTP body
Object	Type
`body`	Patch

Table 1981. Path parameters
Parameter	Description
`name`	name of the Role
`namespace`	object name and auth scope, such as for teams and projects

Table 1982. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 1983. HTTP responses
Code	Type
200 - OK	Role

Replace

replace the specified Role

HTTP request

put /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}

Table 1984. HTTP body
Object	Type
`body`	Role

Table 1985. Path parameters
Parameter	Description
`name`	name of the Role
`namespace`	object name and auth scope, such as for teams and projects

Table 1986. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 1987. HTTP responses
Code	Type
200 - OK	Role
201 - Created	Role

Delete

delete a Role

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}

Table 1988. HTTP body
Object	Type
`body`	DeleteOptions

Table 1989. Path parameters
Parameter	Description
`name`	name of the Role
`namespace`	object name and auth scope, such as for teams and projects

Table 1990. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 1991. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of Role

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles

Table 1992. HTTP body
Object	Type
`body`	DeleteOptions

Table 1993. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 1994. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 1995. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified Role

HTTP request

get /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles/{name}

Table 1996. Path parameters
Parameter	Description
`name`	name of the Role
`namespace`	object name and auth scope, such as for teams and projects

Table 1997. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 1998. HTTP responses
Code	Type
200 - OK	Role

List

list or watch objects of kind Role

HTTP request

get /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/roles

Table 1999. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2000. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2001. HTTP responses
Code	Type
200 - OK	RoleList

List All Namespaces

list or watch objects of kind Role

HTTP request

get /apis/rbac.authorization.k8s.io/v1/roles

Table 2002. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2003. HTTP responses
Code	Type
200 - OK	RoleList

Watch

watch changes to an object of kind Role. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles/{name}

Table 2004. Path parameters
Parameter	Description
`name`	name of the Role
`namespace`	object name and auth scope, such as for teams and projects

Table 2005. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2006. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of Role. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/roles

Table 2007. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2008. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2009. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of Role. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/roles

Table 2010. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2011. HTTP responses
Code	Type
200 - OK	WatchEvent

RoleBinding v1 rbac

Appears in

RoleBindingList [rbac/v1]

Definitions

RoleBinding [v1/rbac]

The following table describes the parameters for the RoleBinding object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata.

roleRef

RoleRef

RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.

subjects

Subject array

Subjects holds references to the objects the role applies to.

RoleBindingList [v1/rbac]

The following table describes the parameters for RoleBindingList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

RoleBinding array

Items is a list of RoleBindings

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard object’s metadata.

Subject [v1/rbac]

The following table describes the parameters for Subject object:

Field Type Description

apiGroup

string

APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.

kind

string

Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.

name

string

Name of the object being referenced.

namespace

string

Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.

RoleRef [v1/rbac]

The following table describes the parameters for RoleRef object:

Field Type Description

apiGroup

string

APIGroup is the group for the resource being referenced

kind

string

Kind is the type of resource being referenced

name

string

Name is the name of resource being referenced

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a RoleBinding

HTTP request

post /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

Table 2012. HTTP body
Object	Type
`body`	RoleBinding

Table 2013. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2014. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2015. HTTP responses
Code	Type
200 - OK	RoleBinding
201 - Created	RoleBinding
202 - Accepted	RoleBinding

Patch

partially update the specified RoleBinding

HTTP request

patch /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

Table 2016. HTTP body
Object	Type
`body`	Patch

Table 2017. Path parameters
Parameter	Description
`name`	name of the RoleBinding
`namespace`	object name and auth scope, such as for teams and projects

Table 2018. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2019. HTTP responses
Code	Type
200 - OK	RoleBinding

Replace

replace the specified RoleBinding

HTTP request

put /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

Table 2020. HTTP body
Object	Type
`body`	RoleBinding

Table 2021. Path parameters
Parameter	Description
`name`	name of the RoleBinding
`namespace`	object name and auth scope, such as for teams and projects

Table 2022. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2023. HTTP responses
Code	Type
200 - OK	RoleBinding
201 - Created	RoleBinding

Delete

delete a RoleBinding

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

Table 2024. HTTP body
Object	Type
`body`	DeleteOptions

Table 2025. Path parameters
Parameter	Description
`name`	name of the RoleBinding
`namespace`	object name and auth scope, such as for teams and projects

Table 2026. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2027. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of RoleBinding

HTTP request

delete /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

Table 2028. HTTP body
Object	Type
`body`	DeleteOptions

Table 2029. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2030. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2031. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified RoleBinding

HTTP request

get /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}

Table 2032. Path parameters
Parameter	Description
`name`	name of the RoleBinding
`namespace`	object name and auth scope, such as for teams and projects

Table 2033. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 2034. HTTP responses
Code	Type
200 - OK	RoleBinding

List

list or watch objects of kind RoleBinding

HTTP request

get /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings

Table 2035. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2036. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2037. HTTP responses
Code	Type
200 - OK	RoleBindingList

List All Namespaces

list or watch objects of kind RoleBinding

HTTP request

get /apis/rbac.authorization.k8s.io/v1/rolebindings

Table 2038. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2039. HTTP responses
Code	Type
200 - OK	RoleBindingList

Watch

watch changes to an object of kind RoleBinding. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings/{name}

Table 2040. Path parameters
Parameter	Description
`name`	name of the RoleBinding
`namespace`	object name and auth scope, such as for teams and projects

Table 2041. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2042. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of RoleBinding. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/namespaces/{namespace}/rolebindings

Table 2043. Path parameters
Parameter	Description
`namespace`	object name and auth scope, such as for teams and projects

Table 2044. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2045. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List All Namespaces

watch individual changes to a list of RoleBinding. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/rbac.authorization.k8s.io/v1/watch/rolebindings

Table 2046. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2047. HTTP responses
Code	Type
200 - OK	WatchEvent

Route v1 route.openshift.io

Appears in

RouteList [route.openshift.io/v1]

Definitions

Route [v1/route.openshift.io]

The following table describes the parameters for the Route object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

RouteSpec

spec is the desired state of the route

status

RouteStatus

status is the current state of the route

RouteSpec [v1/route.openshift.io]

The following table describes the parameters for RouteSpec object:

Field Type Description

alternateBackends

RouteTargetReference array

alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.

host

string

host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.

path

string

path that the router watches for, to route traffic for to the service. Optional

port

RoutePort

If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.

subdomain

string

subdomain is a DNS subdomain that is requested within the ingress controller’s domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.

Example: subdomain frontend automatically receives the router subdomain apps.mycluster.com to have a full hostname frontend.apps.mycluster.com.

tls

TLSConfig

The tls field provides the ability to configure certificates and termination for the route.

to

RouteTargetReference

to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.

wildcardPolicy

string

Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.

RouteStatus [v1/route.openshift.io]

The following table describes the parameters for RouteStatus object:

Field Type Description

ingress

RouteIngress array

ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are Ready

RouteList [v1/route.openshift.io]

The following table describes the parameters for RouteList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Route array

items is a list of routes

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

RouteIngress [v1/route.openshift.io]

The following table describes the parameters for RouteIngress object:

Field Type Description

conditions

RouteIngressCondition array

Conditions is the state of the route, may be empty.

host

string

Host is the host string under which the route is exposed; this value is required

routerCanonicalHostname

string

CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.

routerName

string

Name is a name chosen by the router to identify itself; this value is required

wildcardPolicy

string

Wildcard policy is the wildcard policy that was allowed where this route is exposed.

RouteIngressCondition [v1/route.openshift.io]

The following table describes the parameters for RouteIngressCondition object:

Field Type Description

lastTransitionTime

Time

RFC 3339 date and time when this condition last transitioned

message

string

Human readable message indicating details about last transition.

reason

string

(brief) reason for the condition’s last transition, and is usually a machine and human readable constant

status

string

Status is the status of the condition. Can be True, False, Unknown.

type

string

Type is the type of the condition. Currently only Ready.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

TLSConfig [v1/route.openshift.io]

The following table describes the parameters for TLSConfig object:

Field Type Description

caCertificate

string

caCertificate provides the cert authority certificate contents

certificate

string

certificate provides certificate contents

destinationCACertificate

string

destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.

insecureEdgeTerminationPolicy

string

insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.

* Allow - traffic is sent to the server on the insecure port (default) * Disable - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.

key

string

key provides key file contents

termination

string

termination indicates termination type.

RoutePort [v1/route.openshift.io]

The following table describes the parameters for RoutePort object:

Field Type Description

targetPort

The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required

RouteTargetReference [v1/route.openshift.io]

The following table describes the parameters for RouteTargetReference object:

Field Type Description

kind

string

The kind of target that the route is referring to. Currently, only 'Service' is allowed

name

string

name of the service/target that is being referred to. e.g. name of the service

weight

integer

weight as an integer between 0 and 256, default 100, that specifies the target’s relative weight against other target reference objects. 0 suppresses requests to this backend.

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Config v1 samples.operator.openshift.io

Appears in

ConfigList [samples.operator.openshift.io/v1]

Definitions

Config [v1/samples.operator.openshift.io]

The following table describes the parameters for the Config object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.

status

object

ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.

ConfigList [v1/samples.operator.openshift.io]

The following table describes the parameters for ConfigList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Config array

List of configs. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

PriorityClass v1 scheduling

Appears in

PriorityClassList [scheduling/v1]

Definitions

PriorityClass [v1/scheduling]

The following table describes the parameters for the PriorityClass object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

description

string

description is an arbitrary string that usually provides guidelines on when this priority class should be used.

globalDefault

boolean

globalDefault specifies whether this PriorityClass should be considered as the default priority for pods that do not have any priority class. Only one PriorityClass can be marked as globalDefault. However, if more than one PriorityClasses exists with their globalDefault field set to true, the smallest value of such global default PriorityClasses will be used as the default priority.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

value

integer

The value of this priority class. This is the actual priority that pods receive when they have the name of this class in their pod spec.

PriorityClassList [v1/scheduling]

The following table describes the parameters for PriorityClassList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

PriorityClass array

items is the list of PriorityClasses

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a PriorityClass

HTTP request

post /apis/scheduling.k8s.io/v1/priorityclasses

Table 2048. HTTP body
Object	Type
`body`	PriorityClass

Table 2049. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2050. HTTP responses
Code	Type
200 - OK	PriorityClass
201 - Created	PriorityClass
202 - Accepted	PriorityClass

Patch

partially update the specified PriorityClass

HTTP request

patch /apis/scheduling.k8s.io/v1/priorityclasses/{name}

Table 2051. HTTP body
Object	Type
`body`	Patch

Table 2052. Path parameters
Parameter	Description
`name`	name of the PriorityClass

Table 2053. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2054. HTTP responses
Code	Type
200 - OK	PriorityClass

Replace

replace the specified PriorityClass

HTTP request

put /apis/scheduling.k8s.io/v1/priorityclasses/{name}

Table 2055. HTTP body
Object	Type
`body`	PriorityClass

Table 2056. Path parameters
Parameter	Description
`name`	name of the PriorityClass

Table 2057. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2058. HTTP responses
Code	Type
200 - OK	PriorityClass
201 - Created	PriorityClass

Delete

delete a PriorityClass

HTTP request

delete /apis/scheduling.k8s.io/v1/priorityclasses/{name}

Table 2059. HTTP body
Object	Type
`body`	DeleteOptions

Table 2060. Path parameters
Parameter	Description
`name`	name of the PriorityClass

Table 2061. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2062. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of PriorityClass

HTTP request

delete /apis/scheduling.k8s.io/v1/priorityclasses

Table 2063. HTTP body
Object	Type
`body`	DeleteOptions

Table 2064. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2065. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified PriorityClass

HTTP request

get /apis/scheduling.k8s.io/v1/priorityclasses/{name}

Table 2066. Path parameters
Parameter	Description
`name`	name of the PriorityClass

Table 2067. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 2068. HTTP responses
Code	Type
200 - OK	PriorityClass

List

list or watch objects of kind PriorityClass

HTTP request

get /apis/scheduling.k8s.io/v1/priorityclasses

Table 2069. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2070. HTTP responses
Code	Type
200 - OK	PriorityClassList

Watch

watch changes to an object of kind PriorityClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/scheduling.k8s.io/v1/watch/priorityclasses/{name}

Table 2071. Path parameters
Parameter	Description
`name`	name of the PriorityClass

Table 2072. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2073. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of PriorityClass. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/scheduling.k8s.io/v1/watch/priorityclasses

Table 2074. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2075. HTTP responses
Code	Type
200 - OK	WatchEvent

PodSecurityPolicyReview v1 security.openshift.io

Definitions

PodSecurityPolicyReview [v1/security.openshift.io]

The following table describes the parameters for the PodSecurityPolicyReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

spec

PodSecurityPolicyReviewSpec

spec is the PodSecurityPolicy to check.

status

PodSecurityPolicyReviewStatus

status represents the current information/status for the PodSecurityPolicyReview.

PodSecurityPolicyReviewSpec [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicyReviewSpec object:

Field Type Description

serviceAccountNames

string array

serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it’s empty, in which case "default" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.

template

PodTemplateSpec

template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case "default" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.

PodSecurityPolicyReviewStatus [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicyReviewStatus object:

Field Type Description

allowedServiceAccounts

ServiceAccountPodSecurityPolicyReviewStatus array

allowedServiceAccounts returns the list of service accounts in this namespace that have the power to create the PodTemplateSpec.

ServiceAccountPodSecurityPolicyReviewStatus [v1/security.openshift.io]

The following table describes the parameters for ServiceAccountPodSecurityPolicyReviewStatus object:

Field Type Description

allowedBy

ObjectReference

allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A nil, indicates that it was denied.

name

string

name contains the allowed and the denied ServiceAccount name

reason

string

A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available.

template

PodTemplateSpec

template is the PodTemplateSpec after the defaulting is applied.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

Operations

PodSecurityPolicySelfSubjectReview v1 security.openshift.io

Definitions

PodSecurityPolicySelfSubjectReview [v1/security.openshift.io]

The following table describes the parameters for the PodSecurityPolicySelfSubjectReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

spec

PodSecurityPolicySelfSubjectReviewSpec

spec defines specification the PodSecurityPolicySelfSubjectReview.

status

PodSecurityPolicySubjectReviewStatus

status represents the current information/status for the PodSecurityPolicySelfSubjectReview.

PodSecurityPolicySelfSubjectReviewSpec [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicySelfSubjectReviewSpec object:

Field Type Description

template

PodTemplateSpec

template is the PodTemplateSpec to check.

PodSecurityPolicySubjectReviewStatus [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicySubjectReviewStatus object:

Field Type Description

allowedBy

ObjectReference

allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A nil, indicates that it was denied.

reason

string

A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available.

template

PodTemplateSpec

template is the PodTemplateSpec after the defaulting is applied.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

Operations

PodSecurityPolicySubjectReview v1 security.openshift.io

Definitions

PodSecurityPolicySubjectReview [v1/security.openshift.io]

The following table describes the parameters for the PodSecurityPolicySubjectReview object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

spec

PodSecurityPolicySubjectReviewSpec

spec defines specification for the PodSecurityPolicySubjectReview.

status

PodSecurityPolicySubjectReviewStatus

status represents the current information/status for the PodSecurityPolicySubjectReview.

PodSecurityPolicySubjectReviewSpec [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicySubjectReviewSpec object:

Field Type Description

groups

string array

groups is the groups you’re testing for.

template

PodTemplateSpec

template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.

user

string

user is the user you’re testing for. If you specify "user" but not "group", then is it interpreted as "What if user were not a member of any groups. If user and groups are empty, then the check is performed using only the serviceAccountName in the template.

PodSecurityPolicySubjectReviewStatus [v1/security.openshift.io]

The following table describes the parameters for PodSecurityPolicySubjectReviewStatus object:

Field Type Description

allowedBy

ObjectReference

allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A nil, indicates that it was denied.

reason

string

A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available.

template

PodTemplateSpec

template is the PodTemplateSpec after the defaulting is applied.

PodTemplateSpec [v1/core]

The following table describes the parameters for PodTemplateSpec object:

Field Type Description

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

PodSpec

Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

PodSpec [v1/core]

The following table describes the parameters for PodSpec object:

Field Type Description

activeDeadlineSeconds

integer

Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.

affinity

Affinity

If specified, the pod’s scheduling constraints

automountServiceAccountToken

boolean

AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.

containers

Container array

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

dnsConfig

PodDNSConfig

Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.

dnsPolicy

string

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

enableServiceLinks

boolean

EnableServiceLinks indicates whether information about services should be injected into pod’s environment variables, matching the syntax of Docker links. Optional: Defaults to true.

ephemeralContainers

EphemeralContainer array

List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod’s ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature.

hostAliases

HostAlias array

HostAliases is an optional list of hosts and IPs that will be injected into the pod’s hosts file if specified. This is only valid for non-hostNetwork pods.

hostIPC

boolean

Use the host’s ipc namespace. Optional: Default to false.

hostNetwork

boolean

Host networking requested for this pod. Use the host’s network namespace. If this option is set, the ports that will be used must be specified. Default to false.

hostPID

boolean

Use the host’s pid namespace. Optional: Default to false.

hostname

string

Specifies the hostname of the Pod If not specified, the pod’s hostname will be set to a system-defined value.

imagePullSecrets

LocalObjectReference array

ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod

initContainers

Container array

List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/

nodeName

string

NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.

nodeSelector

object

NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node’s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/

overhead

object

Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.

preemptionPolicy

string

PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is alpha-level and is only honored by servers that enable the NonPreemptingPriority feature.

priority

integer

The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.

priorityClassName

string

If specified, indicates the pod’s priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.

readinessGates

PodReadinessGate array

If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md

restartPolicy

string

Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy

runtimeClassName

string

RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.

schedulerName

string

If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.

securityContext

PodSecurityContext

SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.

serviceAccount

string

DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.

serviceAccountName

string

ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/

shareProcessNamespace

boolean

Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.

subdomain

string

If specified, the fully qualified Pod hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster domain>". If not specified, the pod will not have a domainname at all.

terminationGracePeriodSeconds

integer

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

tolerations

Toleration array

If specified, the pod’s tolerations.

topologySpreadConstraints

TopologySpreadConstraint array

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. This field is alpha-level and is only honored by clusters that enables the EvenPodsSpread feature. All topologySpreadConstraints are ANDed.

volumes

Volume array

List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes

Volume [v1/core]

The following table describes the parameters for Volume object:

Field Type Description

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFileVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

cephfs

CephFSVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

configMap

ConfigMapVolumeSource

ConfigMap represents a configMap that should populate this volume

csi

CSIVolumeSource

CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature).

downwardAPI

DownwardAPIVolumeSource

DownwardAPI represents downward API about the pod that should populate this volume

emptyDir

EmptyDirVolumeSource

EmptyDir represents a temporary directory that shares a pod’s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

gitRepo

GitRepoVolumeSource

GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod’s container.

glusterfs

GlusterfsVolumeSource

Glusterfs represents a Glusterfs mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md

name

string

Volume’s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

nfs

NFSVolumeSource

NFS represents an NFS mount on the host that shares a pod’s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

persistentVolumeClaim

PersistentVolumeClaimVolumeSource

PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

projected

ProjectedVolumeSource

Items for all in one resources secrets, configmaps, and downward API

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

secret

SecretVolumeSource

Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

storageos

StorageOSVolumeSource

StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSVolumeSource [v1/core]

The following table describes the parameters for StorageOSVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

SecretVolumeSource [v1/core]

The following table describes the parameters for SecretVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

optional

boolean

Specify whether the Secret or its keys must be defined

secretName

string

Name of the secret in the pod’s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret

KeyToPath [v1/core]

The following table describes the parameters for KeyToPath object:

Field Type Description

key

string

The key to project.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

ScaleIOVolumeSource [v1/core]

The following table describes the parameters for ScaleIOVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs".

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

RBDVolumeSource [v1/core]

The following table describes the parameters for RBDVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

LocalObjectReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

ProjectedVolumeSource [v1/core]

The following table describes the parameters for ProjectedVolumeSource object:

Field Type Description

defaultMode

integer

Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

sources

VolumeProjection array

list of volume projections

VolumeProjection [v1/core]

The following table describes the parameters for VolumeProjection object:

Field Type Description

configMap

ConfigMapProjection

information about the configMap data to project

downwardAPI

DownwardAPIProjection

information about the downwardAPI data to project

secret

SecretProjection

information about the secret data to project

serviceAccountToken

ServiceAccountTokenProjection

information about the serviceAccountToken data to project

ServiceAccountTokenProjection [v1/core]

The following table describes the parameters for ServiceAccountTokenProjection object:

Field Type Description

audience

string

Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.

expirationSeconds

integer

ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.

path

string

Path is the path relative to the mount point of the file to project the token into.

SecretProjection [v1/core]

The following table describes the parameters for SecretProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

DownwardAPIProjection [v1/core]

The following table describes the parameters for DownwardAPIProjection object:

Field Type Description

items

DownwardAPIVolumeFile array

Items is a list of DownwardAPIVolume file

DownwardAPIVolumeFile [v1/core]

The following table describes the parameters for DownwardAPIVolumeFile object:

Field Type Description

fieldRef

ObjectFieldSelector

Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.

mode

integer

Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.

ResourceFieldSelector [v1/core]

The following table describes the parameters for ResourceFieldSelector object:

Field Type Description

containerName

string

Container name: required for volumes, optional for env vars

divisor

Quantity

Specifies the output format of the exposed resources, defaults to "1"

resource

string

Required: resource to select

Quantity [resource/core]

The following table describes the parameters for Quantity object:

Field

Type

Description

ObjectFieldSelector [v1/core]

The following table describes the parameters for ObjectFieldSelector object:

Field Type Description

apiVersion

string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath

string

Path of the field to select in the specified API version.

ConfigMapProjection [v1/core]

The following table describes the parameters for ConfigMapProjection object:

Field Type Description

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

PersistentVolumeClaimVolumeSource [v1/core]

The following table describes the parameters for PersistentVolumeClaimVolumeSource object:

Field Type Description

claimName

string

ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims

readOnly

boolean

Will force the ReadOnly setting in VolumeMounts. Default false.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

ISCSIVolumeSource [v1/core]

The following table describes the parameters for ISCSIVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

LocalObjectReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsVolumeSource [v1/core]

The following table describes the parameters for GlusterfsVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GitRepoVolumeSource [v1/core]

The following table describes the parameters for GitRepoVolumeSource object:

Field Type Description

directory

string

Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.

repository

string

Repository URL

revision

string

Commit hash for the specified revision.

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexVolumeSource [v1/core]

The following table describes the parameters for FlexVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

LocalObjectReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

EmptyDirVolumeSource [v1/core]

The following table describes the parameters for EmptyDirVolumeSource object:

Field Type Description

medium

string

What type of storage medium should back this directory. The default is "" which means to use the node’s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

sizeLimit

Quantity

Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir

DownwardAPIVolumeSource [v1/core]

The following table describes the parameters for DownwardAPIVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

DownwardAPIVolumeFile array

Items is a list of downward API volume file

CSIVolumeSource [v1/core]

The following table describes the parameters for CSIVolumeSource object:

Field Type Description

driver

string

Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.

fsType

string

Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.

nodePublishSecretRef

LocalObjectReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.

readOnly

boolean

Specifies a read-only configuration for the volume. Defaults to false (read/write).

volumeAttributes

object

VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver’s documentation for supported values.

ConfigMapVolumeSource [v1/core]

The following table describes the parameters for ConfigMapVolumeSource object:

Field Type Description

defaultMode

integer

Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

items

KeyToPath array

If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its keys must be defined

CinderVolumeSource [v1/core]

The following table describes the parameters for CinderVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

LocalObjectReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSVolumeSource [v1/core]

The following table describes the parameters for CephFSVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

LocalObjectReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFileVolumeSource [v1/core]

The following table describes the parameters for AzureFileVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

TopologySpreadConstraint [v1/core]

The following table describes the parameters for TopologySpreadConstraint object:

Field Type Description

labelSelector

LabelSelector

LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.

maxSkew

integer

MaxSkew describes the degree to which pods may be unevenly distributed. It’s the maximum permitted difference between the number of matching pods in any two topology domains of a given topology type. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0:

zone1

zone2

zone3

P

- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. It’s a required field. Default value is 1 and 0 is not allowed.

topologyKey

string

TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each <key, value> as a "bucket", and try to put balanced number of pods into each bucket. It’s a required field.

whenUnsatisfiable

string

WhenUnsatisfiable indicates how to deal with a pod if it doesn’t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it - ScheduleAnyway tells the scheduler to still schedule it It’s considered as "Unsatisfiable" if and only if placing incoming pod on any topology violates "MaxSkew". For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1:

zone1

zone2

zone3

P P P

P

LabelSelector [v1/meta]

The following table describes the parameters for LabelSelector object:

Field Type Description

matchExpressions

LabelSelectorRequirement array

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabels

object

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

LabelSelectorRequirement [v1/meta]

The following table describes the parameters for LabelSelectorRequirement object:

Field Type Description

key

string

key is the label key that the selector applies to.

operator

string

operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

values

string array

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

Toleration [v1/core]

The following table describes the parameters for Toleration object:

Field Type Description

effect

string

Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.

key

string

Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.

operator

string

Operator represents a key’s relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.

tolerationSeconds

integer

TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.

value

string

Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.

PodSecurityContext [v1/core]

The following table describes the parameters for PodSecurityContext object:

Field Type Description

fsGroup

integer

A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:

1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR’d with rw-rw----

If unset, the Kubelet will not modify the ownership and permissions of any volume.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.

supplementalGroups

integer array

A list of groups applied to the first process run in each container, in addition to the container’s primary GID. If unspecified, no groups will be added to any container.

sysctls

Sysctl array

Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options within a container’s SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

WindowsSecurityContextOptions [v1/core]

The following table describes the parameters for WindowsSecurityContextOptions object:

Field Type Description

gmsaCredentialSpec

string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

gmsaCredentialSpecName

string

GMSACredentialSpecName is the name of the GMSA credential spec to use. This field is alpha-level and is only honored by servers that enable the WindowsGMSA feature flag.

runAsUserName

string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. This field is alpha-level and it is only honored by servers that enable the WindowsRunAsUserName feature flag.

Sysctl [v1/core]

The following table describes the parameters for Sysctl object:

Field Type Description

name

string

Name of a property to set

value

string

Value of a property to set

SELinuxOptions [v1/core]

The following table describes the parameters for SELinuxOptions object:

Field Type Description

level

string

Level is SELinux level label that applies to the container.

role

string

Role is a SELinux role label that applies to the container.

type

string

Type is a SELinux type label that applies to the container.

user

string

User is a SELinux user label that applies to the container.

PodReadinessGate [v1/core]

The following table describes the parameters for PodReadinessGate object:

Field Type Description

conditionType

string

ConditionType refers to a condition in the pod’s condition list with matching type.

HostAlias [v1/core]

The following table describes the parameters for HostAlias object:

Field Type Description

hostnames

string array

Hostnames for the above IP address.

ip

string

IP address of the host file entry.

EphemeralContainer [v1/core]

The following table describes the parameters for EphemeralContainer object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Lifecycle is not allowed for ephemeral containers.

livenessProbe

Probe

Probes are not allowed for ephemeral containers.

name

string

Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.

ports

ContainerPort array

Ports are not allowed for ephemeral containers.

readinessProbe

Probe

Probes are not allowed for ephemeral containers.

resources

ResourceRequirements

Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.

securityContext

SecurityContext

SecurityContext is not allowed for ephemeral containers.

startupProbe

Probe

Probes are not allowed for ephemeral containers.

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

targetContainerName

string

If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature.

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

VolumeMount [v1/core]

The following table describes the parameters for VolumeMount object:

Field Type Description

mountPath

string

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation

string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name

string

This must match the Name of a Volume.

readOnly

boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath

string

Path within the volume from which the container’s volume should be mounted. Defaults to "" (volume’s root).

subPathExpr

string

Expanded path within the volume from which the container’s volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container’s environment. Defaults to "" (volume’s root). SubPathExpr and SubPath are mutually exclusive. This field is beta in 1.15.

VolumeDevice [v1/core]

The following table describes the parameters for VolumeDevice object:

Field Type Description

devicePath

string

devicePath is the path inside of the container that the device will be mapped to.

name

string

name must match the name of a persistentVolumeClaim in the pod

SecurityContext [v1/core]

The following table describes the parameters for SecurityContext object:

Field Type Description

allowPrivilegeEscalation

boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN

capabilities

Capabilities

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.

privileged

boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

procMount

string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled.

readOnlyRootFilesystem

boolean

Whether this container has a read-only root filesystem. Default is false.

runAsGroup

integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsNonRoot

boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser

integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

seLinuxOptions

SELinuxOptions

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

windowsOptions

WindowsSecurityContextOptions

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

Capabilities [v1/core]

The following table describes the parameters for Capabilities object:

Field Type Description

add

string array

Added capabilities

drop

string array

Removed capabilities

ResourceRequirements [v1/core]

The following table describes the parameters for ResourceRequirements object:

Field Type Description

limits

object

Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

requests

object

Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

ContainerPort [v1/core]

The following table describes the parameters for ContainerPort object:

Field Type Description

containerPort

integer

Number of port to expose on the pod’s IP address. This must be a valid port number, 0 < x < 65536.

hostIP

string

What host IP to bind the external port to.

hostPort

integer

Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.

name

string

If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.

protocol

string

Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP".

Probe [v1/core]

The following table describes the parameters for Probe object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

failureThreshold

integer

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

initialDelaySeconds

integer

Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

periodSeconds

integer

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.

successThreshold

integer

Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

timeoutSeconds

integer

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

TCPSocketAction [v1/core]

The following table describes the parameters for TCPSocketAction object:

Field Type Description

host

string

Optional: Host name to connect to, defaults to the pod IP.

port

Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

HTTPGetAction [v1/core]

The following table describes the parameters for HTTPGetAction object:

Field Type Description

host

string

Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.

httpHeaders

HTTPHeader array

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server.

port

Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.

scheme

string

Scheme to use for connecting to the host. Defaults to HTTP.

HTTPHeader [v1/core]

The following table describes the parameters for HTTPHeader object:

Field Type Description

name

string

The header field name

value

string

The header field value

ExecAction [v1/core]

The following table describes the parameters for ExecAction object:

Field Type Description

command

string array

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container’s filesystem. The command is simply exec’d, it is not run inside a shell, so traditional shell instructions ('

Lifecycle [v1/core]

The following table describes the parameters for Lifecycle object:

Field Type Description

postStart

Handler

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

preStop

Handler

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod’s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod’s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Handler [v1/core]

The following table describes the parameters for Handler object:

Field Type Description

exec

ExecAction

One and only one of the following should be specified. Exec specifies the action to take.

httpGet

HTTPGetAction

HTTPGet specifies the http request to perform.

tcpSocket

TCPSocketAction

TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported

EnvFromSource [v1/core]

The following table describes the parameters for EnvFromSource object:

Field Type Description

configMapRef

ConfigMapEnvSource

The ConfigMap to select from

prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

secretRef

SecretEnvSource

The Secret to select from

SecretEnvSource [v1/core]

The following table describes the parameters for SecretEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret must be defined

ConfigMapEnvSource [v1/core]

The following table describes the parameters for ConfigMapEnvSource object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap must be defined

EnvVar [v1/core]

The following table describes the parameters for EnvVar object:

Field Type Description

name

string

Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom

EnvVarSource

Source for the environment variable’s value. Cannot be used if value is not empty.

EnvVarSource [v1/core]

The following table describes the parameters for EnvVarSource object:

Field Type Description

configMapKeyRef

ConfigMapKeySelector

Selects a key of a ConfigMap.

fieldRef

ObjectFieldSelector

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.

resourceFieldRef

ResourceFieldSelector

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

secretKeyRef

SecretKeySelector

Selects a key of a secret in the pod’s namespace

SecretKeySelector [v1/core]

The following table describes the parameters for SecretKeySelector object:

Field Type Description

key

string

The key of the secret to select from. Must be a valid secret key.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the Secret or its key must be defined

ConfigMapKeySelector [v1/core]

The following table describes the parameters for ConfigMapKeySelector object:

Field Type Description

key

string

The key to select.

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional

boolean

Specify whether the ConfigMap or its key must be defined

PodDNSConfig [v1/core]

The following table describes the parameters for PodDNSConfig object:

Field Type Description

nameservers

string array

A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.

options

PodDNSConfigOption array

A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.

searches

string array

A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.

PodDNSConfigOption [v1/core]

The following table describes the parameters for PodDNSConfigOption object:

Field Type Description

name

string

Required.

value

string

Container [v1/core]

The following table describes the parameters for Container object:

Field Type Description

args

string array

Arguments to the entrypoint. The docker image’s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command

string array

Entrypoint array. Not executed within a shell. The docker image’s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container’s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double , ie: (VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

env

EnvVar array

List of environment variables to set in the container. Cannot be updated.

envFrom

EnvFromSource array

List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.

image

string

Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.

imagePullPolicy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images

lifecycle

Lifecycle

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

livenessProbe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

name

string

Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.

ports

ContainerPort array

List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated.

readinessProbe

Probe

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

resources

ResourceRequirements

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/

securityContext

SecurityContext

Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

startupProbe

Probe

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod’s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. This is an alpha feature enabled by the StartupProbe feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

stdin

boolean

Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.

stdinOnce

boolean

Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false

terminationMessagePath

string

Optional: Path at which the file to which the container’s termination message will be written is mounted into the container’s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.

terminationMessagePolicy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

tty

boolean

Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.

volumeDevices

VolumeDevice array

volumeDevices is the list of block devices to be used by the container. This is a beta feature.

volumeMounts

VolumeMount array

Pod volumes to mount into the container’s filesystem. Cannot be updated.

workingDir

string

Container’s working directory. If not specified, the container runtime’s default will be used, which might be configured in the container image. Cannot be updated.

Affinity [v1/core]

The following table describes the parameters for Affinity object:

Field Type Description

nodeAffinity

NodeAffinity

Describes node affinity scheduling rules for the pod.

podAffinity

PodAffinity

Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).

podAntiAffinity

PodAntiAffinity

Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).

PodAntiAffinity [v1/core]

The following table describes the parameters for PodAntiAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

PodAffinityTerm [v1/core]

The following table describes the parameters for PodAffinityTerm object:

Field Type Description

labelSelector

LabelSelector

A label query over a set of resources, in this case pods.

namespaces

string array

namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod’s namespace"

topologyKey

string

This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.

WeightedPodAffinityTerm [v1/core]

The following table describes the parameters for WeightedPodAffinityTerm object:

Field Type Description

podAffinityTerm

PodAffinityTerm

Required. A pod affinity term, associated with the corresponding weight.

weight

integer

weight associated with matching the corresponding podAffinityTerm, in the range 1-100.

PodAffinity [v1/core]

The following table describes the parameters for PodAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

WeightedPodAffinityTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

PodAffinityTerm array

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.

NodeAffinity [v1/core]

The following table describes the parameters for NodeAffinity object:

Field Type Description

preferredDuringSchedulingIgnoredDuringExecution

PreferredSchedulingTerm array

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.

requiredDuringSchedulingIgnoredDuringExecution

NodeSelector

If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

PreferredSchedulingTerm [v1/core]

The following table describes the parameters for PreferredSchedulingTerm object:

Field Type Description

preference

NodeSelectorTerm

A node selector term, associated with the corresponding weight.

weight

integer

Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

Operations

RangeAllocation v1 security.openshift.io

Appears in

RangeAllocationList [security.openshift.io/v1]

Definitions

RangeAllocation [v1/security.openshift.io]

The following table describes the parameters for the RangeAllocation object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

data

string

data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

range

string

range is a string representing a unique label for a range of uids, "1000000000-2000000000/10000".

RangeAllocationList [v1/security.openshift.io]

The following table describes the parameters for RangeAllocationList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

RangeAllocation array

List of RangeAllocations.

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

SecurityContextConstraints v1 security.openshift.io

Appears in

SecurityContextConstraintsList [security.openshift.io/v1]

Definitions

SecurityContextConstraints [v1/security.openshift.io]

The following table describes the parameters for the SecurityContextConstraints object:

Field Type Description

allowHostDirVolumePlugin

boolean

AllowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin

allowHostIPC

boolean

AllowHostIPC determines if the policy allows host ipc in the containers.

allowHostNetwork

boolean

AllowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.

allowHostPID

boolean

AllowHostPID determines if the policy allows host pid in the containers.

allowHostPorts

boolean

AllowHostPorts determines if the policy allows host ports in the containers.

allowPrivilegeEscalation

AllowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.

allowPrivilegedContainer

boolean

AllowPrivilegedContainer determines if a container can request to be run as privileged.

allowedCapabilities

AllowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author’s discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.

allowedFlexVolumes

AllowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the "Volumes" field.

allowedUnsafeSysctls

AllowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection. Examples: e.g. "foo/" allows "foo/bar", "foo/baz", etc. e.g. "foo.*" allows "foo.bar", "foo.baz", etc.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

defaultAddCapabilities

DefaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.

defaultAllowPrivilegeEscalation

DefaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.

forbiddenSysctls

ForbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in "" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden. Examples: e.g. "foo/" forbids "foo/bar", "foo/baz", etc. e.g. "foo.*" forbids "foo.bar", "foo.baz", etc.

fsGroup

FSGroup is the strategy that will dictate what fs group is used by the SecurityContext.

groups

The groups that have permission to use this security context constraints

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

priority

Priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.

readOnlyRootFilesystem

boolean

ReadOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.

requiredDropCapabilities

RequiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.

runAsUser

RunAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.

seLinuxContext

SELinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.

seccompProfiles

SeccompProfiles lists the allowed profiles that may be set for the pod or container’s seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container. The wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.

supplementalGroups

SupplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.

users

The users who have permissions to use this security context constraints

volumes

Volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use "*". To allow no volumes, set to ["none"].

SecurityContextConstraintsList [v1/security.openshift.io]

The following table describes the parameters for SecurityContextConstraintsList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

SecurityContextConstraints array

List of securitycontextconstraints. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

CSIDriver v1beta1 storage

Appears in

CSIDriverList [storage/v1beta1]

Definitions

CSIDriver [v1beta1/storage]

The following table describes the parameters for the CSIDriver object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata. metadata.Name indicates the name of the CSI driver that this object refers to; it MUST be the same name returned by the CSI GetPluginName() call for that driver. The driver name must be 63 characters or less, beginning and ending with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), dots (.), and alphanumerics between. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

CSIDriverSpec

Specification of the CSI Driver.

CSIDriverSpec [v1beta1/storage]

The following table describes the parameters for CSIDriverSpec object:

Field Type Description

attachRequired

boolean

attachRequired indicates this CSI volume driver requires an attach operation (because it implements the CSI ControllerPublishVolume() method), and that the Kubernetes attach detach controller should call the attach volume interface which checks the volumeattachment status and waits until the volume is attached before proceeding to mounting. The CSI external-attacher coordinates with CSI volume driver and updates the volumeattachment status when the attach operation is complete. If the CSIDriverRegistry feature gate is enabled and the value is specified to false, the attach operation will be skipped. Otherwise the attach operation will be called.

podInfoOnMount

boolean

If set to true, podInfoOnMount indicates this CSI volume driver requires additional pod information (like podName, podUID, etc.) during mount operations. If set to false, pod information will not be passed on mount. Default is false. The CSI driver specifies podInfoOnMount as part of driver deployment. If true, Kubelet will pass pod information as VolumeContext in the CSI NodePublishVolume() calls. The CSI driver is responsible for parsing and validating the information passed in as VolumeContext. The following VolumeConext will be passed if podInfoOnMount is set to true. This list might grow, but the prefix will be used. "csi.storage.k8s.io/pod.name": pod.Name "csi.storage.k8s.io/pod.namespace": pod.Namespace "csi.storage.k8s.io/pod.uid": string(pod.UID) "csi.storage.k8s.io/ephemeral": "true" iff the volume is an ephemeral inline volume defined by a CSIVolumeSource, otherwise "false"

"csi.storage.k8s.io/ephemeral" is a new feature in Kubernetes 1.16. It is only required for drivers which support both the "Persistent" and "Ephemeral" VolumeLifecycleMode. Other drivers can leave pod info disabled and/or ignore this field. As Kubernetes 1.15 doesn’t support this field, drivers can only support one mode when deployed on such a cluster and the deployment determines which mode that is, for example via a command line parameter of the driver.

volumeLifecycleModes

string array

VolumeLifecycleModes defines what kind of volumes this CSI volume driver supports. The default if the list is empty is "Persistent", which is the usage defined by the CSI specification and implemented in Kubernetes via the usual PV/PVC mechanism. The other mode is "Ephemeral". In this mode, volumes are defined inline inside the pod spec with CSIVolumeSource and their lifecycle is tied to the lifecycle of that pod. A driver has to be aware of this because it is only going to get a NodePublishVolume call for such a volume. For more information about implementing this mode, see https://kubernetes-csi.github.io/docs/ephemeral-local-volumes.html A driver can support one or more of these modes and more modes may be added in the future.

CSIDriverList [v1beta1/storage]

The following table describes the parameters for CSIDriverList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CSIDriver array

items is the list of CSIDriver

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a CSIDriver

HTTP request

post /apis/storage.k8s.io/v1beta1/csidrivers

Table 2076. HTTP body
Object	Type
`body`	CSIDriver

Table 2077. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2078. HTTP responses
Code	Type
200 - OK	CSIDriver
201 - Created	CSIDriver
202 - Accepted	CSIDriver

Patch

partially update the specified CSIDriver

HTTP request

patch /apis/storage.k8s.io/v1beta1/csidrivers/{name}

Table 2079. HTTP body
Object	Type
`body`	Patch

Table 2080. Path parameters
Parameter	Description
`name`	name of the CSIDriver

Table 2081. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2082. HTTP responses
Code	Type
200 - OK	CSIDriver

Replace

replace the specified CSIDriver

HTTP request

put /apis/storage.k8s.io/v1beta1/csidrivers/{name}

Table 2083. HTTP body
Object	Type
`body`	CSIDriver

Table 2084. Path parameters
Parameter	Description
`name`	name of the CSIDriver

Table 2085. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2086. HTTP responses
Code	Type
200 - OK	CSIDriver
201 - Created	CSIDriver

Delete

delete a CSIDriver

HTTP request

delete /apis/storage.k8s.io/v1beta1/csidrivers/{name}

Table 2087. HTTP body
Object	Type
`body`	DeleteOptions

Table 2088. Path parameters
Parameter	Description
`name`	name of the CSIDriver

Table 2089. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2090. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of CSIDriver

HTTP request

delete /apis/storage.k8s.io/v1beta1/csidrivers

Table 2091. HTTP body
Object	Type
`body`	DeleteOptions

Table 2092. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2093. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified CSIDriver

HTTP request

get /apis/storage.k8s.io/v1beta1/csidrivers/{name}

Table 2094. Path parameters
Parameter	Description
`name`	name of the CSIDriver

Table 2095. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 2096. HTTP responses
Code	Type
200 - OK	CSIDriver

List

list or watch objects of kind CSIDriver

HTTP request

get /apis/storage.k8s.io/v1beta1/csidrivers

Table 2097. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2098. HTTP responses
Code	Type
200 - OK	CSIDriverList

Watch

watch changes to an object of kind CSIDriver. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/storage.k8s.io/v1beta1/watch/csidrivers/{name}

Table 2099. Path parameters
Parameter	Description
`name`	name of the CSIDriver

Table 2100. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2101. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of CSIDriver. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/storage.k8s.io/v1beta1/watch/csidrivers

Table 2102. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2103. HTTP responses
Code	Type
200 - OK	WatchEvent

CSINode v1beta1 storage

Appears in

CSINodeList [storage/v1beta1]

Definitions

CSINode [v1beta1/storage]

The following table describes the parameters for the CSINode object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

metadata.name must be the Kubernetes node name.

spec

CSINodeSpec

spec is the specification of CSINode

CSINodeSpec [v1beta1/storage]

The following table describes the parameters for CSINodeSpec object:

Field Type Description

drivers

CSINodeDriver array

drivers is a list of information of all CSI Drivers existing on a node. If all drivers in the list are uninstalled, this can become empty.

CSINodeList [v1beta1/storage]

The following table describes the parameters for CSINodeList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

CSINode array

items is the list of CSINode

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

CSINodeDriver [v1beta1/storage]

The following table describes the parameters for CSINodeDriver object:

Field Type Description

allocatable

VolumeNodeResources

allocatable represents the volume resources of a node that are available for scheduling.

name

string

This is the name of the CSI driver that this object refers to. This MUST be the same name returned by the CSI GetPluginName() call for that driver.

nodeID

string

nodeID of the node from the driver point of view. This field enables Kubernetes to communicate with storage systems that do not share the same nomenclature for nodes. For example, Kubernetes may refer to a given node as "node1", but the storage system may refer to the same node as "nodeA". When Kubernetes issues a command to the storage system to attach a volume to a specific node, it can use this field to refer to the node name using the ID that the storage system will understand, e.g. "nodeA" instead of "node1". This field is required.

topologyKeys

string array

topologyKeys is the list of keys supported by the driver. When a driver is initialized on a cluster, it provides a set of topology keys that it understands (e.g. "company.com/zone", "company.com/region"). When a driver is initialized on a node, it provides the same topology keys along with values. Kubelet will expose these topology keys as labels on its own node object. When Kubernetes does topology aware provisioning, it can use this list to determine which labels it should retrieve from the node object and pass back to the driver. It is possible for different nodes to use different topology keys. This can be empty if driver does not support topology.

VolumeNodeResources [v1beta1/storage]

The following table describes the parameters for VolumeNodeResources object:

Field Type Description

count

integer

Maximum number of unique volumes managed by the CSI driver that can be used on a node. A volume that is both attached and mounted on a node is considered to be used once, not twice. The same rule applies for a unique volume that is shared among multiple pods on the same node. If this field is nil, then the supported number of volumes on this node is unbounded.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a CSINode

HTTP request

post /apis/storage.k8s.io/v1beta1/csinodes

Table 2104. HTTP body
Object	Type
`body`	CSINode

Table 2105. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2106. HTTP responses
Code	Type
200 - OK	CSINode
201 - Created	CSINode
202 - Accepted	CSINode

Patch

partially update the specified CSINode

HTTP request

patch /apis/storage.k8s.io/v1beta1/csinodes/{name}

Table 2107. HTTP body
Object	Type
`body`	Patch

Table 2108. Path parameters
Parameter	Description
`name`	name of the CSINode

Table 2109. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2110. HTTP responses
Code	Type
200 - OK	CSINode

Replace

replace the specified CSINode

HTTP request

put /apis/storage.k8s.io/v1beta1/csinodes/{name}

Table 2111. HTTP body
Object	Type
`body`	CSINode

Table 2112. Path parameters
Parameter	Description
`name`	name of the CSINode

Table 2113. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2114. HTTP responses
Code	Type
200 - OK	CSINode
201 - Created	CSINode

Delete

delete a CSINode

HTTP request

delete /apis/storage.k8s.io/v1beta1/csinodes/{name}

Table 2115. HTTP body
Object	Type
`body`	DeleteOptions

Table 2116. Path parameters
Parameter	Description
`name`	name of the CSINode

Table 2117. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2118. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of CSINode

HTTP request

delete /apis/storage.k8s.io/v1beta1/csinodes

Table 2119. HTTP body
Object	Type
`body`	DeleteOptions

Table 2120. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2121. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified CSINode

HTTP request

get /apis/storage.k8s.io/v1beta1/csinodes/{name}

Table 2122. Path parameters
Parameter	Description
`name`	name of the CSINode

Table 2123. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 2124. HTTP responses
Code	Type
200 - OK	CSINode

List

list or watch objects of kind CSINode

HTTP request

get /apis/storage.k8s.io/v1beta1/csinodes

Table 2125. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2126. HTTP responses
Code	Type
200 - OK	CSINodeList

Watch

watch changes to an object of kind CSINode. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/storage.k8s.io/v1beta1/watch/csinodes/{name}

Table 2127. Path parameters
Parameter	Description
`name`	name of the CSINode

Table 2128. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2129. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of CSINode. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/storage.k8s.io/v1beta1/watch/csinodes

Table 2130. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2131. HTTP responses
Code	Type
200 - OK	WatchEvent

StorageClass v1 storage

Appears in

StorageClassList [storage/v1]

Definitions

StorageClass [v1/storage]

The following table describes the parameters for the StorageClass object:

Field Type Description

allowVolumeExpansion

boolean

AllowVolumeExpansion shows whether the storage class allow volume expand

allowedTopologies

TopologySelectorTerm array

Restrict the node topologies where volumes can be dynamically provisioned. Each volume plugin defines its own supported topology specifications. An empty TopologySelectorTerm list means there is no topology restriction. This field is only honored by servers that enable the VolumeScheduling feature.

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

mountOptions

string array

Dynamically provisioned PersistentVolumes of this storage class are created with these mountOptions, e.g. ["ro", "soft"]. Not validated - mount of the PVs will simply fail if one is invalid.

parameters

object

Parameters holds the parameters for the provisioner that should create volumes of this storage class.

provisioner

string

Provisioner indicates the type of the provisioner.

reclaimPolicy

string

Dynamically provisioned PersistentVolumes of this storage class are created with this reclaimPolicy. Defaults to Delete.

volumeBindingMode

string

VolumeBindingMode indicates how PersistentVolumeClaims should be provisioned and bound. When unset, VolumeBindingImmediate is used. This field is only honored by servers that enable the VolumeScheduling feature.

StorageClassList [v1/storage]

The following table describes the parameters for StorageClassList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

StorageClass array

Items is the list of StorageClasses

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

TopologySelectorTerm [v1/core]

The following table describes the parameters for TopologySelectorTerm object:

Field Type Description

matchLabelExpressions

TopologySelectorLabelRequirement array

A list of topology selector requirements by labels.

TopologySelectorLabelRequirement [v1/core]

The following table describes the parameters for TopologySelectorLabelRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

values

string array

An array of string values. One value must match the label to be selected. Each entry in Values is ORed.

Operations

Write Operations

Create

create a StorageClass

HTTP request

post /apis/storage.k8s.io/v1/storageclasses

Table 2132. HTTP body
Object	Type
`body`	StorageClass

Table 2133. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2134. HTTP responses
Code	Type
200 - OK	StorageClass
201 - Created	StorageClass
202 - Accepted	StorageClass

Patch

partially update the specified StorageClass

HTTP request

patch /apis/storage.k8s.io/v1/storageclasses/{name}

Table 2135. HTTP body
Object	Type
`body`	Patch

Table 2136. Path parameters
Parameter	Description
`name`	name of the StorageClass

Table 2137. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2138. HTTP responses
Code	Type
200 - OK	StorageClass

Replace

replace the specified StorageClass

HTTP request

put /apis/storage.k8s.io/v1/storageclasses/{name}

Table 2139. HTTP body
Object	Type
`body`	StorageClass

Table 2140. Path parameters
Parameter	Description
`name`	name of the StorageClass

Table 2141. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2142. HTTP responses
Code	Type
200 - OK	StorageClass
201 - Created	StorageClass

Delete

delete a StorageClass

HTTP request

delete /apis/storage.k8s.io/v1/storageclasses/{name}

Table 2143. HTTP body
Object	Type
`body`	DeleteOptions

Table 2144. Path parameters
Parameter	Description
`name`	name of the StorageClass

Table 2145. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2146. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of StorageClass

HTTP request

delete /apis/storage.k8s.io/v1/storageclasses

Table 2147. HTTP body
Object	Type
`body`	DeleteOptions

Table 2148. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2149. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified StorageClass

HTTP request

get /apis/storage.k8s.io/v1/storageclasses/{name}

Table 2150. Path parameters
Parameter	Description
`name`	name of the StorageClass

Table 2151. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 2152. HTTP responses
Code	Type
200 - OK	StorageClass

List

list or watch objects of kind StorageClass

HTTP request

get /apis/storage.k8s.io/v1/storageclasses

Table 2153. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2154. HTTP responses
Code	Type
200 - OK	StorageClassList

Watch

watch changes to an object of kind StorageClass. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/storage.k8s.io/v1/watch/storageclasses/{name}

Table 2155. Path parameters
Parameter	Description
`name`	name of the StorageClass

Table 2156. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2157. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of StorageClass. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/storage.k8s.io/v1/watch/storageclasses

Table 2158. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2159. HTTP responses
Code	Type
200 - OK	WatchEvent

VolumeAttachment v1 storage

Appears in

VolumeAttachmentList [storage/v1]

Definitions

VolumeAttachment [v1/storage]

The following table describes the parameters for the VolumeAttachment object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

VolumeAttachmentSpec

Specification of the desired attach/detach volume behavior. Populated by the Kubernetes system.

status

VolumeAttachmentStatus

Status of the VolumeAttachment request. Populated by the entity completing the attach or detach operation, i.e. the external-attacher.

VolumeAttachmentSpec [v1/storage]

The following table describes the parameters for VolumeAttachmentSpec object:

Field Type Description

attacher

string

Attacher indicates the name of the volume driver that MUST handle this request. This is the name returned by GetPluginName().

nodeName

string

The node that the volume should be attached to.

source

VolumeAttachmentSource

Source represents the volume that should be attached.

VolumeAttachmentStatus [v1/storage]

The following table describes the parameters for VolumeAttachmentStatus object:

Field Type Description

attachError

VolumeError

The last error encountered during attach operation, if any. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.

attached

boolean

Indicates the volume is successfully attached. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.

attachmentMetadata

object

Upon successful attach, this field is populated with any information returned by the attach operation that must be passed into subsequent WaitForAttach or Mount calls. This field must only be set by the entity completing the attach operation, i.e. the external-attacher.

detachError

VolumeError

The last error encountered during detach operation, if any. This field must only be set by the entity completing the detach operation, i.e. the external-attacher.

VolumeAttachmentList [v1/storage]

The following table describes the parameters for VolumeAttachmentList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

VolumeAttachment array

Items is the list of VolumeAttachments

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Standard list metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

VolumeError [v1/storage]

The following table describes the parameters for VolumeError object:

Field Type Description

message

string

String detailing the error encountered during Attach or Detach operation. This string may be logged, so it should not contain sensitive information.

time

Time

Time the error was encountered.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

VolumeAttachmentSource [v1/storage]

The following table describes the parameters for VolumeAttachmentSource object:

Field Type Description

inlineVolumeSpec

PersistentVolumeSpec

inlineVolumeSpec contains all the information necessary to attach a persistent volume defined by a pod’s inline VolumeSource. This field is populated only for the CSIMigration feature. It contains translated fields from a pod’s inline VolumeSource to a PersistentVolumeSpec. This field is alpha-level and is only honored by servers that enabled the CSIMigration feature.

persistentVolumeName

string

Name of the persistent volume to attach.

PersistentVolumeSpec [v1/core]

The following table describes the parameters for PersistentVolumeSpec object:

Field Type Description

accessModes

string array

AccessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes

awsElasticBlockStore

AWSElasticBlockStoreVolumeSource

AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

azureDisk

AzureDiskVolumeSource

AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.

azureFile

AzureFilePersistentVolumeSource

AzureFile represents an Azure File Service mount on the host and bind mount to the pod.

capacity

object

A description of the persistent volume’s resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity

cephfs

CephFSPersistentVolumeSource

CephFS represents a Ceph FS mount on the host that shares a pod’s lifetime

cinder

CinderPersistentVolumeSource

Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

claimRef

ObjectReference

ClaimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding

csi

CSIPersistentVolumeSource

CSI represents storage that is handled by an external CSI driver (Beta feature).

fc

FCVolumeSource

FC represents a Fibre Channel resource that is attached to a kubelet’s host machine and then exposed to the pod.

flexVolume

FlexPersistentVolumeSource

FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.

flocker

FlockerVolumeSource

Flocker represents a Flocker volume attached to a kubelet’s host machine and exposed to the pod for its usage. This depends on the Flocker control service being running

gcePersistentDisk

GCEPersistentDiskVolumeSource

GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

glusterfs

GlusterfsPersistentVolumeSource

Glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. More info: https://examples.k8s.io/volumes/glusterfs/README.md

hostPath

HostPathVolumeSource

HostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

iscsi

ISCSIPersistentVolumeSource

ISCSI represents an ISCSI Disk resource that is attached to a kubelet’s host machine and then exposed to the pod. Provisioned by an admin.

local

LocalVolumeSource

Local represents directly-attached storage with node affinity

mountOptions

string array

A list of mount options, e.g. ["ro", "soft"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options

nfs

NFSVolumeSource

NFS represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

nodeAffinity

VolumeNodeAffinity

NodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.

persistentVolumeReclaimPolicy

string

What happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming

photonPersistentDisk

PhotonPersistentDiskVolumeSource

PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine

portworxVolume

PortworxVolumeSource

PortworxVolume represents a portworx volume attached and mounted on kubelets host machine

quobyte

QuobyteVolumeSource

Quobyte represents a Quobyte mount on the host that shares a pod’s lifetime

rbd

RBDPersistentVolumeSource

RBD represents a Rados Block Device mount on the host that shares a pod’s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md

scaleIO

ScaleIOPersistentVolumeSource

ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.

storageClassName

string

Name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.

storageos

StorageOSPersistentVolumeSource

StorageOS represents a StorageOS volume that is attached to the kubelet’s host machine and mounted into the pod More info: https://examples.k8s.io/volumes/storageos/README.md

volumeMode

string

volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec. This is a beta feature.

vsphereVolume

VsphereVirtualDiskVolumeSource

VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine

VsphereVirtualDiskVolumeSource [v1/core]

The following table describes the parameters for VsphereVirtualDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

storagePolicyID

string

Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.

storagePolicyName

string

Storage Policy Based Management (SPBM) profile name.

volumePath

string

Path that identifies vSphere volume vmdk

StorageOSPersistentVolumeSource [v1/core]

The following table describes the parameters for StorageOSPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

ObjectReference

SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.

volumeName

string

VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.

volumeNamespace

string

VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod’s namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ScaleIOPersistentVolumeSource [v1/core]

The following table describes the parameters for ScaleIOPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs"

gateway

string

The host address of the ScaleIO API Gateway.

protectionDomain

string

The name of the ScaleIO Protection Domain for the configured storage.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

SecretReference

SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.

sslEnabled

boolean

Flag to enable/disable SSL communication with Gateway, default false

storageMode

string

Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.

storagePool

string

The ScaleIO Storage Pool associated with the protection domain.

system

string

The name of the storage system as configured in ScaleIO.

volumeName

string

The name of a volume already created in the ScaleIO system that is associated with this volume source.

SecretReference [v1/core]

The following table describes the parameters for SecretReference object:

Field Type Description

name

string

Name is unique within a namespace to reference a secret resource.

namespace

string

Namespace defines the space within which the secret name must be unique.

RBDPersistentVolumeSource [v1/core]

The following table describes the parameters for RBDPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd

image

string

The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

keyring

string

Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

monitors

string array

A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

pool

string

The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

secretRef

SecretReference

SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

user

string

The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it

QuobyteVolumeSource [v1/core]

The following table describes the parameters for QuobyteVolumeSource object:

Field Type Description

group

string

Group to map volume access to Default is no group

readOnly

boolean

ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.

registry

string

Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes

tenant

string

Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin

user

string

User to map volume access to Defaults to serivceaccount user

volume

string

Volume is a string that references an already created Quobyte volume by name.

PortworxVolumeSource [v1/core]

The following table describes the parameters for PortworxVolumeSource object:

Field Type Description

fsType

string

FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

volumeID

string

VolumeID uniquely identifies a Portworx volume

PhotonPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for PhotonPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

pdID

string

ID that identifies Photon Controller persistent disk

VolumeNodeAffinity [v1/core]

The following table describes the parameters for VolumeNodeAffinity object:

Field Type Description

required

NodeSelector

Required specifies hard node constraints that must be met.

NodeSelector [v1/core]

The following table describes the parameters for NodeSelector object:

Field Type Description

nodeSelectorTerms

NodeSelectorTerm array

Required. A list of node selector terms. The terms are ORed.

NodeSelectorTerm [v1/core]

The following table describes the parameters for NodeSelectorTerm object:

Field Type Description

matchExpressions

NodeSelectorRequirement array

A list of node selector requirements by node’s labels.

matchFields

NodeSelectorRequirement array

A list of node selector requirements by node’s fields.

NodeSelectorRequirement [v1/core]

The following table describes the parameters for NodeSelectorRequirement object:

Field Type Description

key

string

The label key that the selector applies to.

operator

string

Represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.

values

string array

An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.

NFSVolumeSource [v1/core]

The following table describes the parameters for NFSVolumeSource object:

Field Type Description

path

string

Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

readOnly

boolean

ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

server

string

Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs

LocalVolumeSource [v1/core]

The following table describes the parameters for LocalVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default value is to auto-select a fileystem if unspecified.

path

string

The full path to the volume on the node. It can be either a directory or block device (disk, partition, …).

ISCSIPersistentVolumeSource [v1/core]

The following table describes the parameters for ISCSIPersistentVolumeSource object:

Field Type Description

chapAuthDiscovery

boolean

whether support iSCSI Discovery CHAP authentication

chapAuthSession

boolean

whether support iSCSI Session CHAP authentication

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi

initiatorName

string

Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface <target portal>:<volume name> will be created for the connection.

iqn

string

Target iSCSI Qualified Name.

iscsiInterface

string

iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).

lun

integer

iSCSI Target Lun number.

portals

string array

iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.

secretRef

SecretReference

CHAP Secret for iSCSI target and initiator authentication

targetPortal

string

iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).

HostPathVolumeSource [v1/core]

The following table describes the parameters for HostPathVolumeSource object:

Field Type Description

path

string

Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

type

string

Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath

GlusterfsPersistentVolumeSource [v1/core]

The following table describes the parameters for GlusterfsPersistentVolumeSource object:

Field Type Description

endpoints

string

EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

endpointsNamespace

string

EndpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

path

string

Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

readOnly

boolean

ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod

GCEPersistentDiskVolumeSource [v1/core]

The following table describes the parameters for GCEPersistentDiskVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

pdName

string

Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

readOnly

boolean

ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

FlockerVolumeSource [v1/core]

The following table describes the parameters for FlockerVolumeSource object:

Field Type Description

datasetName

string

Name of the dataset stored as metadata → name on the dataset for Flocker should be considered as deprecated

datasetUUID

string

UUID of the dataset. This is unique identifier of a Flocker dataset

FlexPersistentVolumeSource [v1/core]

The following table describes the parameters for FlexPersistentVolumeSource object:

Field Type Description

driver

string

Driver is the name of the driver to use for this volume.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.

options

object

Optional: Extra command options if any.

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretRef

SecretReference

Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.

FCVolumeSource [v1/core]

The following table describes the parameters for FCVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

lun

integer

Optional: FC target lun number

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

targetWWNs

string array

Optional: FC target worldwide names (WWNs)

wwids

string array

Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.

CSIPersistentVolumeSource [v1/core]

The following table describes the parameters for CSIPersistentVolumeSource object:

Field Type Description

controllerExpandSecretRef

SecretReference

ControllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This is an alpha field and requires enabling ExpandCSIVolumes feature gate. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

controllerPublishSecretRef

SecretReference

ControllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

driver

string

Driver is the name of the driver to use for this volume. Required.

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs".

nodePublishSecretRef

SecretReference

NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

nodeStageSecretRef

SecretReference

NodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.

readOnly

boolean

Optional: The value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).

volumeAttributes

object

Attributes of the volume to publish.

volumeHandle

string

VolumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.

CinderPersistentVolumeSource [v1/core]

The following table describes the parameters for CinderPersistentVolumeSource object:

Field Type Description

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

secretRef

SecretReference

Optional: points to a secret object containing parameters used to connect to RHOSP.

volumeID

string

volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md

CephFSPersistentVolumeSource [v1/core]

The following table describes the parameters for CephFSPersistentVolumeSource object:

Field Type Description

monitors

string array

Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

path

string

Optional: Used as the mounted root, rather than the full Ceph tree, default is /

readOnly

boolean

Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretFile

string

Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

secretRef

SecretReference

Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

user

string

Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it

AzureFilePersistentVolumeSource [v1/core]

The following table describes the parameters for AzureFilePersistentVolumeSource object:

Field Type Description

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

secretName

string

the name of secret that contains Azure Storage Account Name and Key

secretNamespace

string

the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod

shareName

string

Share Name

AzureDiskVolumeSource [v1/core]

The following table describes the parameters for AzureDiskVolumeSource object:

Field Type Description

cachingMode

string

Host Caching mode: None, Read Only, Read Write.

diskName

string

The Name of the data disk in the blob storage

diskURI

string

The URI the data disk in the blob storage

fsType

string

Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.

kind

string

Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared

readOnly

boolean

Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.

AWSElasticBlockStoreVolumeSource [v1/core]

The following table describes the parameters for AWSElasticBlockStoreVolumeSource object:

Field Type Description

fsType

string

Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

partition

integer

The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).

readOnly

boolean

Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

volumeID

string

Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Write Operations

Create

create a VolumeAttachment

HTTP request

post /apis/storage.k8s.io/v1/volumeattachments

Table 2160. HTTP body
Object	Type
`body`	VolumeAttachment

Table 2161. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2162. HTTP responses
Code	Type
200 - OK	VolumeAttachment
201 - Created	VolumeAttachment
202 - Accepted	VolumeAttachment

Patch

partially update the specified VolumeAttachment

HTTP request

patch /apis/storage.k8s.io/v1/volumeattachments/{name}

Table 2163. HTTP body
Object	Type
`body`	Patch

Table 2164. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2165. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2166. HTTP responses
Code	Type
200 - OK	VolumeAttachment

Replace

replace the specified VolumeAttachment

HTTP request

put /apis/storage.k8s.io/v1/volumeattachments/{name}

Table 2167. HTTP body
Object	Type
`body`	VolumeAttachment

Table 2168. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2169. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2170. HTTP responses
Code	Type
200 - OK	VolumeAttachment
201 - Created	VolumeAttachment

Delete

delete a VolumeAttachment

HTTP request

delete /apis/storage.k8s.io/v1/volumeattachments/{name}

Table 2171. HTTP body
Object	Type
`body`	DeleteOptions

Table 2172. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2173. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.

Table 2174. HTTP responses
Code	Type
200 - OK	Status
202 - Accepted	Status

Delete Collection

delete collection of VolumeAttachment

HTTP request

delete /apis/storage.k8s.io/v1/volumeattachments

Table 2175. HTTP body
Object	Type
`body`	DeleteOptions

Table 2176. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`gracePeriodSeconds`	The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`orphanDependents`	Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the "orphan" finalizer will be added to/removed from the object’s finalizers list. Either this field or PropagationPolicy may be set, but not both.
`propagationPolicy`	Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2177. HTTP responses
Code	Type
200 - OK	Status

Read Operations

Read

read the specified VolumeAttachment

HTTP request

get /apis/storage.k8s.io/v1/volumeattachments/{name}

Table 2178. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2179. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`exact`	Should the export be exact. Exact export maintains cluster-specific fields like 'Namespace'. Deprecated. Planned for removal in 1.18.
`export`	Should this value be exported. Export strips fields that a user can not specify. Deprecated. Planned for removal in 1.18.

Table 2180. HTTP responses
Code	Type
200 - OK	VolumeAttachment

List

list or watch objects of kind VolumeAttachment

HTTP request

get /apis/storage.k8s.io/v1/volumeattachments

Table 2181. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2182. HTTP responses
Code	Type
200 - OK	VolumeAttachmentList

Watch

watch changes to an object of kind VolumeAttachment. deprecated: use the 'watch' parameter with a list operation instead, filtered to a single item with the 'fieldSelector' parameter.

HTTP request

get /apis/storage.k8s.io/v1/watch/volumeattachments/{name}

Table 2183. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2184. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2185. HTTP responses
Code	Type
200 - OK	WatchEvent

Watch List

watch individual changes to a list of VolumeAttachment. deprecated: use the 'watch' parameter with a list operation instead.

HTTP request

get /apis/storage.k8s.io/v1/watch/volumeattachments

Table 2186. Query parameters
Parameter	Description
`allowWatchBookmarks`	allowWatchBookmarks requests watch events with type "BOOKMARK". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server’s discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored. If the feature gate WatchBookmarks is not enabled in apiserver, this field is ignored. This field is beta.
`continue`	The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the "next key". This field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.
`fieldSelector`	A selector to restrict the list of returned objects by their fields. Defaults to everything.
`labelSelector`	A selector to restrict the list of returned objects by their labels. Defaults to everything.
`limit`	limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true. The server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.
`pretty`	If 'true', then the output is pretty printed.
`resourceVersion`	When specified with a watch call, shows changes that occur after that particular version of a resource. Defaults to changes from the beginning of history. When specified for list: - if unset, then the result is returned from remote storage based on quorum-read flag; - if it’s 0, then we simply return what we currently have in cache, no guarantee; - if set to non zero, then the result is at least as fresh as given rv.
`timeoutSeconds`	Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.
`watch`	Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.

Table 2187. HTTP responses
Code	Type
200 - OK	WatchEvent

Status Operations

Patch Status

partially update status of the specified VolumeAttachment

HTTP request

patch /apis/storage.k8s.io/v1/volumeattachments/{name}/status

Table 2188. HTTP body
Object	Type
`body`	Patch

Table 2189. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2190. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).
`force`	Force is going to "force" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.

Table 2191. HTTP responses
Code	Type
200 - OK	VolumeAttachment

Read Status

read status of the specified VolumeAttachment

HTTP request

get /apis/storage.k8s.io/v1/volumeattachments/{name}/status

Table 2192. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2193. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.

Table 2194. HTTP responses
Code	Type
200 - OK	VolumeAttachment

Replace Status

replace status of the specified VolumeAttachment

HTTP request

put /apis/storage.k8s.io/v1/volumeattachments/{name}/status

Table 2195. HTTP body
Object	Type
`body`	VolumeAttachment

Table 2196. Path parameters
Parameter	Description
`name`	name of the VolumeAttachment

Table 2197. Query parameters
Parameter	Description
`pretty`	If 'true', then the output is pretty printed.
`dryRun`	When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
`fieldManager`	fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.

Table 2198. HTTP responses
Code	Type
200 - OK	VolumeAttachment
201 - Created	VolumeAttachment

BrokerTemplateInstance v1 template.openshift.io

Appears in

BrokerTemplateInstanceList [template.openshift.io/v1]

Definitions

BrokerTemplateInstance [v1/template.openshift.io]

The following table describes the parameters for the BrokerTemplateInstance object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

BrokerTemplateInstanceSpec

spec describes the state of this BrokerTemplateInstance.

BrokerTemplateInstanceSpec [v1/template.openshift.io]

The following table describes the parameters for BrokerTemplateInstanceSpec object:

Field Type Description

bindingIDs

string array

bindingids is a list of 'binding_id’s provided during successive bind calls to the template service broker.

secret

ObjectReference

secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.

templateInstance

ObjectReference

templateinstance is a reference to a TemplateInstance object residing in a namespace.

BrokerTemplateInstanceList [v1/template.openshift.io]

The following table describes the parameters for BrokerTemplateInstanceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

BrokerTemplateInstance array

items is a list of BrokerTemplateInstances

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Template v1 template.openshift.io

Appears in

TemplateInstanceSpec [template.openshift.io/v1]
TemplateList [template.openshift.io/v1]

Definitions

Template [v1/template.openshift.io]

The following table describes the parameters for the Template object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

labels

object

labels is a optional set of labels that are applied to every object during the Template to Config transformation.

message

string

message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.

metadata

ObjectMeta_v2

objects

array

objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.

parameters

Parameter array

parameters is an optional array of Parameters used during the Template to Config transformation.

TemplateList [v1/template.openshift.io]

The following table describes the parameters for TemplateList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Template array

Items is a list of templates

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Parameter [v1/template.openshift.io]

The following table describes the parameters for Parameter object:

Field Type Description

description

string

Description of a parameter. Optional.

displayName

string

Optional: The name that will show in UI instead of parameter 'Name'

from

string

From is an input value for the generator. Optional.

generate

string

generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.

The only supported generator is "expression", which accepts a "from" value in the form of a simple regular expression containing the range expression "[a-zA-Z0-9]", and the length expression "a{length}".

Examples:

from

value ----------------------------- "test[0-9]{1}x"

"test7x" "[0-1]{8}"

"01001100" "0x[A-F0-9]{4}"

"0xB3AF" "[a-zA-Z0-9]{8}"

"hW4yQU5i"

name

string

Name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.

required

boolean

Optional: Indicates the parameter must have a value. Defaults to false.

value

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Template v1 template.openshift.io

Appears in

TemplateInstanceSpec [template.openshift.io/v1]
TemplateList [template.openshift.io/v1]

Definitions

Template [v1/template.openshift.io]

The following table describes the parameters for the Template object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

labels

object

labels is a optional set of labels that are applied to every object during the Template to Config transformation.

message

string

message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.

metadata

ObjectMeta_v2

objects

array

objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.

parameters

Parameter array

parameters is an optional array of Parameters used during the Template to Config transformation.

TemplateList [v1/template.openshift.io]

The following table describes the parameters for TemplateList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Template array

Items is a list of templates

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

Parameter [v1/template.openshift.io]

The following table describes the parameters for Parameter object:

Field Type Description

description

string

Description of a parameter. Optional.

displayName

string

Optional: The name that will show in UI instead of parameter 'Name'

from

string

From is an input value for the generator. Optional.

generate

string

generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.

The only supported generator is "expression", which accepts a "from" value in the form of a simple regular expression containing the range expression "[a-zA-Z0-9]", and the length expression "a{length}".

Examples:

from

value ----------------------------- "test[0-9]{1}x"

"test7x" "[0-1]{8}"

"01001100" "0x[A-F0-9]{4}"

"0xB3AF" "[a-zA-Z0-9]{8}"

"hW4yQU5i"

name

string

Name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.

required

boolean

Optional: Indicates the parameter must have a value. Defaults to false.

value

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

TemplateInstance v1 template.openshift.io

Appears in

TemplateInstanceList [template.openshift.io/v1]

Definitions

TemplateInstance [v1/template.openshift.io]

The following table describes the parameters for the TemplateInstance object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

spec

TemplateInstanceSpec

spec describes the desired state of this TemplateInstance.

status

TemplateInstanceStatus

status describes the current state of this TemplateInstance.

TemplateInstanceSpec [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceSpec object:

Field Type Description

requester

TemplateInstanceRequester

requester holds the identity of the agent requesting the template instantiation.

secret

LocalObjectReference

secret is a reference to a Secret object containing the necessary template parameters.

template

Template

template is a full copy of the template for instantiation.

TemplateInstanceStatus [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceStatus object:

Field Type Description

conditions

TemplateInstanceCondition array

conditions represent the latest available observations of a TemplateInstance’s current state.

objects

TemplateInstanceObject array

Objects references the objects created by the TemplateInstance.

TemplateInstanceList [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

TemplateInstance array

items is a list of Templateinstances

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

TemplateInstanceObject [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceObject object:

Field Type Description

ref

ObjectReference

ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

TemplateInstanceCondition [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceCondition object:

Field Type Description

lastTransitionTime

Time

LastTransitionTime is the last time a condition status transitioned from one state to another.

message

string

Message is a human readable description of the details of the last transition, complementing reason.

reason

string

Reason is a brief machine readable explanation for the condition’s last transition.

status

string

Status of the condition, one of True, False or Unknown.

type

string

Type of the condition, currently Ready or InstantiateFailure.

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

Template [v1/template.openshift.io]

The following table describes the parameters for Template object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

labels

object

labels is a optional set of labels that are applied to every object during the Template to Config transformation.

message

string

message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.

metadata

ObjectMeta_v2

objects

array

objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.

parameters

Parameter array

parameters is an optional array of Parameters used during the Template to Config transformation.

Parameter [v1/template.openshift.io]

The following table describes the parameters for Parameter object:

Field Type Description

description

string

Description of a parameter. Optional.

displayName

string

Optional: The name that will show in UI instead of parameter 'Name'

from

string

From is an input value for the generator. Optional.

generate

string

generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.

The only supported generator is "expression", which accepts a "from" value in the form of a simple regular expression containing the range expression "[a-zA-Z0-9]", and the length expression "a{length}".

Examples:

from

value ----------------------------- "test[0-9]{1}x"

"test7x" "[0-1]{8}"

"01001100" "0x[A-F0-9]{4}"

"0xB3AF" "[a-zA-Z0-9]{8}"

"hW4yQU5i"

name

string

Name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.

required

boolean

Optional: Indicates the parameter must have a value. Defaults to false.

value

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

LocalObjectReference [v1/core]

The following table describes the parameters for LocalObjectReference object:

Field Type Description

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

TemplateInstanceRequester [v1/template.openshift.io]

The following table describes the parameters for TemplateInstanceRequester object:

Field Type Description

extra

object

extra holds additional information provided by the authenticator.

groups

string array

groups represent the groups this user is a part of.

uid

string

uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.

username

string

username uniquely identifies this user among all active users.

Operations

Tuned v1 tuned.openshift.io

Appears in

TunedList [tuned.openshift.io/v1]

Definitions

Tuned [v1/tuned.openshift.io]

The following table describes the parameters for the Tuned object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

spec

object

spec is the specification of the desired behavior of Tuned. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

status

object

Status is the current state of Tuned. This cannot be overriden.

TunedList [v1/tuned.openshift.io]

The following table describes the parameters for TunedList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Tuned array

List of tuneds. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

object

ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.

ObjectMeta [v1/meta]

The following table describes the parameters for ObjectMeta object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Group v1 user.openshift.io

Appears in

GroupList [user.openshift.io/v1]

Definitions

Group [v1/user.openshift.io]

The following table describes the parameters for the Group object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

users

string array

Users is the list of users in this group.

GroupList [v1/user.openshift.io]

The following table describes the parameters for GroupList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Group array

Items is the list of groups

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

Identity v1 user.openshift.io

Appears in

IdentityList [user.openshift.io/v1]

Definitions

Identity [v1/user.openshift.io]

The following table describes the parameters for the Identity object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

extra

object

Extra holds extra information about this identity

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

providerName

string

ProviderName is the source of identity information

providerUserName

string

ProviderUserName uniquely represents this identity in the scope of the provider

user

ObjectReference

User is a reference to the user this identity is associated with Both Name and UID must be set

IdentityList [v1/user.openshift.io]

The following table describes the parameters for IdentityList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

Identity array

Items is the list of identities

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

User v1 user.openshift.io

Appears in

UserList [user.openshift.io/v1]

Definitions

User [v1/user.openshift.io]

The following table describes the parameters for the User object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

fullName

string

FullName is the full name of user

groups

string array

Groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.

identities

string array

Identities are the identities associated with this user

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

UserList [v1/user.openshift.io]

The following table describes the parameters for UserList object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

items

User array

Items is the list of users

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ListMeta

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

Operations

UserIdentityMapping v1 user.openshift.io

Definitions

UserIdentityMapping [v1/user.openshift.io]

The following table describes the parameters for the UserIdentityMapping object:

Field Type Description

apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

identity

ObjectReference

Identity is a reference to an identity

kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadata

ObjectMeta_v2

user

ObjectReference

User is a reference to a user

ObjectMeta_v2 [v1/meta]

The following table describes the parameters for ObjectMeta_v2 object:

Field Type Description

annotations

object

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations

clusterName

string

The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.

creationTimestamp

Time

CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.

Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

deletionGracePeriodSeconds

integer

Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.

deletionTimestamp

Time

DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.

Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

finalizers

string array

Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.

generateName

string

GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.

If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).

Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency

generation

integer

A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.

labels

object

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels

managedFields

ManagedFieldsEntry array

ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn’t need to set or understand this field. A workflow can be the user’s name, a controller’s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.

name

string

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names

namespace

string

Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.

Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces

ownerReferences

OwnerReference array

List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.

resourceVersion

string

An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.

Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

selfLink

string

SelfLink is a URL representing this object. Populated by the system. Read-only.

DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.

uid

string

UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.

Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

OwnerReference [v1/meta]

The following table describes the parameters for OwnerReference object:

Field Type Description

apiVersion

string

API version of the referent.

blockOwnerDeletion

boolean

If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.

controller

boolean

If true, this reference points to the managing controller.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names

uid

string

UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids

ManagedFieldsEntry [v1/meta]

The following table describes the parameters for ManagedFieldsEntry object:

Field Type Description

apiVersion

string

APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.

fieldsType

string

FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"

fieldsV1

FieldsV1

FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.

manager

string

Manager is an identifier of the workflow managing these fields.

operation

string

Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.

time

Time

Time is timestamp of when these fields were set. It should always be empty if Operation is 'Apply'

Time [v1/meta]

The following table describes the parameters for Time object:

Field

Type

Description

FieldsV1 [v1/meta]

The following table describes the parameters for FieldsV1 object:

Field

Type

Description

ObjectReference [v1/core]

The following table describes the parameters for ObjectReference object:

Field Type Description

apiVersion

string

API version of the referent.

fieldPath

string

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kind

string

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

name

string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespace

string

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersion

string

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uid

string

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

OpenShift Container Platform 4.3 REST APIs

OpenShift APIs

Binding v1 core

Definitions

Binding [v1/core]

ObjectReference [v1/core]

ObjectMeta [v1/meta]

OwnerReference [v1/meta]

ManagedFieldsEntry [v1/meta]

Time [v1/meta]

FieldsV1 [v1/meta]

Operations

Write Operations

Create

ComponentStatus v1 core

Definitions

ComponentStatus [v1/core]

ComponentStatusList [v1/core]

ObjectMeta [v1/meta]

OwnerReference [v1/meta]

ManagedFieldsEntry [v1/meta]

Time [v1/meta]

FieldsV1 [v1/meta]

ComponentCondition [v1/core]

Operations

Read Operations

Read

List

ConfigMap v1 core

Definitions

ConfigMap [v1/core]

ConfigMapList [v1/core]

ObjectMeta [v1/meta]

OwnerReference [v1/meta]

ManagedFieldsEntry [v1/meta]

Time [v1/meta]

FieldsV1 [v1/meta]

Operations

Write Operations

Create

Patch

Replace

Delete

Delete Collection

Read Operations

Read

List

List All Namespaces

Watch

Watch List

Watch List All Namespaces

Endpoints v1 core

Definitions

Endpoints [v1/core]

EndpointsList [v1/core]

EndpointSubset [v1/core]

EndpointPort [v1/core]

EndpointAddress [v1/core]

ObjectReference [v1/core]

ObjectMeta [v1/meta]

OwnerReference [v1/meta]

ManagedFieldsEntry [v1/meta]

Time [v1/meta]

FieldsV1 [v1/meta]

Operations

Write Operations

Create

Patch

Replace

Delete

Delete Collection

Read Operations

Read

List

List All Namespaces

Watch

Watch List

Watch List All Namespaces

Event v1 core

Definitions