"description":"capabilities for container; cannot be updated; deprecated; See SecurityContext"
"description":"capabilities for container; cannot be updated"
},
},
"command":{
"command":{
"type":"array",
"type":"array",
...
@@ -7563,7 +7563,7 @@
...
@@ -7563,7 +7563,7 @@
},
},
"privileged":{
"privileged":{
"type":"boolean",
"type":"boolean",
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated"
},
},
"readinessProbe":{
"readinessProbe":{
"$ref":"v1beta1.LivenessProbe",
"$ref":"v1beta1.LivenessProbe",
...
@@ -7573,10 +7573,6 @@
...
@@ -7573,10 +7573,6 @@
"$ref":"v1beta1.ResourceRequirements",
"$ref":"v1beta1.ResourceRequirements",
"description":"Compute Resources required by this container; cannot be updated"
"description":"Compute Resources required by this container; cannot be updated"
},
},
"securityContext":{
"$ref":"v1beta1.SecurityContext",
"description":"security options the pod should run with"
},
"terminationMessagePath":{
"terminationMessagePath":{
"type":"string",
"type":"string",
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
...
@@ -7627,8 +7623,7 @@
...
@@ -7627,8 +7623,7 @@
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
},
},
"terminationGracePeriodSeconds":{
"terminationGracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
},
},
"uuid":{
"uuid":{
...
@@ -7705,8 +7700,7 @@
...
@@ -7705,8 +7700,7 @@
"description":"an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified"
"description":"an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified"
},
},
"gracePeriodSeconds":{
"gracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
},
},
"id":{
"id":{
...
@@ -9823,27 +9817,6 @@
...
@@ -9823,27 +9817,6 @@
"id":"v1beta1.RestartPolicyOnFailure",
"id":"v1beta1.RestartPolicyOnFailure",
"properties":{}
"properties":{}
},
},
"v1beta1.SELinuxOptions":{
"id":"v1beta1.SELinuxOptions",
"properties":{
"level":{
"type":"string",
"description":"the level label to apply to the container"
},
"role":{
"type":"string",
"description":"the role label to apply to the container"
},
"type":{
"type":"string",
"description":"the type label to apply to the container"
},
"user":{
"type":"string",
"description":"the user label to apply to the container"
}
}
},
"v1beta1.Secret":{
"v1beta1.Secret":{
"id":"v1beta1.Secret",
"id":"v1beta1.Secret",
"properties":{
"properties":{
...
@@ -9972,28 +9945,6 @@
...
@@ -9972,28 +9945,6 @@
}
}
}
}
},
},
"v1beta1.SecurityContext":{
"id":"v1beta1.SecurityContext",
"properties":{
"capabilities":{
"$ref":"v1beta1.Capabilities",
"description":"the linux capabilites that should be added or removed"
},
"privileged":{
"type":"boolean",
"description":"run the container in privileged mode"
},
"runAsUser":{
"type":"integer",
"format":"int64",
"description":"the user id that runs the first process in the container"
},
"seLinuxOptions":{
"$ref":"v1beta1.SELinuxOptions",
"description":"options that control the SELinux labels applied"
"description":"capabilities for container; cannot be updated; deprecated; See SecurityContext"
"description":"capabilities for container; cannot be updated"
},
},
"command":{
"command":{
"type":"array",
"type":"array",
...
@@ -7563,7 +7563,7 @@
...
@@ -7563,7 +7563,7 @@
},
},
"privileged":{
"privileged":{
"type":"boolean",
"type":"boolean",
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated"
},
},
"readinessProbe":{
"readinessProbe":{
"$ref":"v1beta2.LivenessProbe",
"$ref":"v1beta2.LivenessProbe",
...
@@ -7573,10 +7573,6 @@
...
@@ -7573,10 +7573,6 @@
"$ref":"v1beta2.ResourceRequirements",
"$ref":"v1beta2.ResourceRequirements",
"description":"Compute Resources required by this container; cannot be updated"
"description":"Compute Resources required by this container; cannot be updated"
},
},
"securityContext":{
"$ref":"v1beta2.SecurityContext",
"description":"security options the pod should run with"
},
"terminationMessagePath":{
"terminationMessagePath":{
"type":"string",
"type":"string",
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
...
@@ -7627,8 +7623,7 @@
...
@@ -7627,8 +7623,7 @@
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
},
},
"terminationGracePeriodSeconds":{
"terminationGracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
},
},
"uuid":{
"uuid":{
...
@@ -7705,8 +7700,7 @@
...
@@ -7705,8 +7700,7 @@
"description":"an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified"
"description":"an optional prefix to use to generate a unique name; has the same validation rules as name; optional, and is applied only name if is not specified"
},
},
"gracePeriodSeconds":{
"gracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
},
},
"id":{
"id":{
...
@@ -9237,10 +9231,10 @@
...
@@ -9237,10 +9231,10 @@
"v1beta2.PersistentVolumeSpec":{
"v1beta2.PersistentVolumeSpec":{
"id":"v1beta2.PersistentVolumeSpec",
"id":"v1beta2.PersistentVolumeSpec",
"required":[
"required":[
"glusterfs",
"persistentDisk",
"persistentDisk",
"awsElasticBlockStore",
"awsElasticBlockStore",
"hostPath",
"hostPath"
"glusterfs"
],
],
"properties":{
"properties":{
"accessModes":{
"accessModes":{
...
@@ -9812,27 +9806,6 @@
...
@@ -9812,27 +9806,6 @@
"id":"v1beta2.RestartPolicyOnFailure",
"id":"v1beta2.RestartPolicyOnFailure",
"properties":{}
"properties":{}
},
},
"v1beta2.SELinuxOptions":{
"id":"v1beta2.SELinuxOptions",
"properties":{
"level":{
"type":"string",
"description":"the level label to apply to the container"
},
"role":{
"type":"string",
"description":"the role label to apply to the container"
},
"type":{
"type":"string",
"description":"the type label to apply to the container"
},
"user":{
"type":"string",
"description":"the user label to apply to the container"
}
}
},
"v1beta2.Secret":{
"v1beta2.Secret":{
"id":"v1beta2.Secret",
"id":"v1beta2.Secret",
"properties":{
"properties":{
...
@@ -9961,28 +9934,6 @@
...
@@ -9961,28 +9934,6 @@
}
}
}
}
},
},
"v1beta2.SecurityContext":{
"id":"v1beta2.SecurityContext",
"properties":{
"capabilities":{
"$ref":"v1beta2.Capabilities",
"description":"the linux capabilites that should be added or removed"
},
"privileged":{
"type":"boolean",
"description":"run the container in privileged mode"
},
"runAsUser":{
"type":"integer",
"format":"int64",
"description":"the user id that runs the first process in the container"
},
"seLinuxOptions":{
"$ref":"v1beta2.SELinuxOptions",
"description":"options that control the SELinux labels applied"
"description":"capabilities for container; cannot be updated; deprecated; See SecurityContext."
"description":"capabilities for container; cannot be updated"
},
},
"command":{
"command":{
"type":"array",
"type":"array",
...
@@ -8503,7 +8503,7 @@
...
@@ -8503,7 +8503,7 @@
},
},
"privileged":{
"privileged":{
"type":"boolean",
"type":"boolean",
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext."
"description":"whether or not the container is granted privileged status; defaults to false; cannot be updated"
},
},
"readinessProbe":{
"readinessProbe":{
"$ref":"v1beta3.Probe",
"$ref":"v1beta3.Probe",
...
@@ -8513,10 +8513,6 @@
...
@@ -8513,10 +8513,6 @@
"$ref":"v1beta3.ResourceRequirements",
"$ref":"v1beta3.ResourceRequirements",
"description":"Compute Resources required by this container; cannot be updated"
"description":"Compute Resources required by this container; cannot be updated"
},
},
"securityContext":{
"$ref":"v1beta3.SecurityContext",
"description":"security options the pod should run with"
},
"terminationMessagePath":{
"terminationMessagePath":{
"type":"string",
"type":"string",
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
"description":"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"
...
@@ -8693,8 +8689,7 @@
...
@@ -8693,8 +8689,7 @@
"description":"version of the schema the object should have"
"description":"version of the schema the object should have"
},
},
"gracePeriodSeconds":{
"gracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
"description":"the duration in seconds to wait before deleting this object; defaults to a per object value if not specified; zero means delete immediately"
},
},
"kind":{
"kind":{
...
@@ -9893,8 +9888,7 @@
...
@@ -9893,8 +9888,7 @@
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
"description":"restart policy for all containers within the pod; one of RestartPolicyAlways, RestartPolicyOnFailure, RestartPolicyNever"
},
},
"terminationGracePeriodSeconds":{
"terminationGracePeriodSeconds":{
"type":"integer",
"$ref":"int64",
"format":"int64",
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
"description":"optional duration in seconds the pod needs to terminate gracefully; may be decreased in delete request; value must be non-negative integer; the value zero indicates delete immediately; if this value is not set, the default grace period will be used instead; the grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal; set this value longer than the expected cleanup time for your process"
},
},
"volumes":{
"volumes":{
...
@@ -10206,27 +10200,6 @@
...
@@ -10206,27 +10200,6 @@
}
}
}
}
},
},
"v1beta3.SELinuxOptions":{
"id":"v1beta3.SELinuxOptions",
"properties":{
"level":{
"type":"string",
"description":"the level label to apply to the container"
},
"role":{
"type":"string",
"description":"the role label to apply to the container"
},
"type":{
"type":"string",
"description":"the type label to apply to the container"
},
"user":{
"type":"string",
"description":"the user label to apply to the container"
}
}
},
"v1beta3.Secret":{
"v1beta3.Secret":{
"id":"v1beta3.Secret",
"id":"v1beta3.Secret",
"properties":{
"properties":{
...
@@ -10291,28 +10264,6 @@
...
@@ -10291,28 +10264,6 @@
}
}
}
}
},
},
"v1beta3.SecurityContext":{
"id":"v1beta3.SecurityContext",
"properties":{
"capabilities":{
"$ref":"v1beta3.Capabilities",
"description":"the linux capabilites that should be added or removed"
},
"privileged":{
"type":"boolean",
"description":"run the container in privileged mode"
},
"runAsUser":{
"type":"integer",
"format":"int64",
"description":"the user id that runs the first process in the container"
},
"seLinuxOptions":{
"$ref":"v1beta3.SELinuxOptions",
"description":"options that control the SELinux labels applied"
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
// Optional: Defaults to /dev/termination-log
// Optional: Defaults to /dev/termination-log
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Default to false.
// Optional: Default to false.
Privilegedbool`json:"privileged,omitempty" description:"hether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"`
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated"`
// Optional: Policy for pulling images for this container
// Optional: Policy for pulling images for this container
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Capabilities for container.
// Optional: Capabilities for container.
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated; deprecated; See SecurityContext"`
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated"`
// Optional: SecurityContext defines the security options the pod should be run with
SecurityContext*SecurityContext`json:"securityContext,omitempty" description:"security options the pod should run with"`
}
}
// Handler defines a specific action that should be taken
// Handler defines a specific action that should be taken
...
@@ -1737,39 +1735,3 @@ type ComponentStatusList struct {
...
@@ -1737,39 +1735,3 @@ type ComponentStatusList struct {
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
}
}
// SecurityContext holds security configuration that will be applied to a container. SecurityContext
// contains duplication of some existing fields from the Container resource. These duplicate fields
// will be populated based on the Container configuration if they are not set. Defining them on
// both the Container AND the SecurityContext will result in an error.
typeSecurityContextstruct{
// Capabilities are the capabilities to add/drop when running the container
// Must match Container.Capabilities or be unset. Will be defaulted to Container.Capabilities if left unset
Capabilities*Capabilities`json:"capabilities,omitempty" description:"the linux capabilites that should be added or removed"`
// Run the container in privileged mode
// Must match Container.Privileged or be unset. Will be defaulted to Container.Privileged if left unset
Privileged*bool`json:"privileged,omitempty" description:"run the container in privileged mode"`
// SELinuxOptions are the labels to be applied to the container
// and volumes
SELinuxOptions*SELinuxOptions`json:"seLinuxOptions,omitempty" description:"options that control the SELinux labels applied"`
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser*int64`json:"runAsUser,omitempty" description:"the user id that runs the first process in the container"`
}
// SELinuxOptions are the labels to be applied to the container
typeSELinuxOptionsstruct{
// SELinux user label
Userstring`json:"user,omitempty" description:"the user label to apply to the container"`
// SELinux role label
Rolestring`json:"role,omitempty" description:"the role label to apply to the container"`
// SELinux type label
Typestring`json:"type,omitempty" description:"the type label to apply to the container"`
// SELinux level label.
Levelstring`json:"level,omitempty" description:"the level label to apply to the container"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
// Optional: Defaults to /dev/termination-log
// Optional: Defaults to /dev/termination-log
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Default to false.
// Optional: Default to false.
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"`
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated"`
// Optional: Policy for pulling images for this container
// Optional: Policy for pulling images for this container
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Capabilities for container.
// Optional: Capabilities for container.
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated; deprecated; See SecurityContext"`
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated"`
// Optional: SecurityContext defines the security options the pod should be run with
SecurityContext*SecurityContext`json:"securityContext,omitempty" description:"security options the pod should run with"`
}
}
// Handler defines a specific action that should be taken
// Handler defines a specific action that should be taken
...
@@ -1657,39 +1655,3 @@ type ComponentStatusList struct {
...
@@ -1657,39 +1655,3 @@ type ComponentStatusList struct {
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
}
}
// SecurityContext holds security configuration that will be applied to a container. SecurityContext
// contains duplication of some existing fields from the Container resource. These duplicate fields
// will be populated based on the Container configuration if they are not set. Defining them on
// both the Container AND the SecurityContext will result in an error.
typeSecurityContextstruct{
// Capabilities are the capabilities to add/drop when running the container
// Must match Container.Capabilities or be unset. Will be defaulted to Container.Capabilities if left unset
Capabilities*Capabilities`json:"capabilities,omitempty" description:"the linux capabilites that should be added or removed"`
// Run the container in privileged mode
// Must match Container.Privileged or be unset. Will be defaulted to Container.Privileged if left unset
Privileged*bool`json:"privileged,omitempty" description:"run the container in privileged mode"`
// SELinuxOptions are the labels to be applied to the container
// and volumes
SELinuxOptions*SELinuxOptions`json:"seLinuxOptions,omitempty" description:"options that control the SELinux labels applied"`
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser*int64`json:"runAsUser,omitempty" description:"the user id that runs the first process in the container"`
}
// SELinuxOptions are the labels to be applied to the container.
typeSELinuxOptionsstruct{
// SELinux user label
Userstring`json:"user,omitempty" description:"the user label to apply to the container"`
// SELinux role label
Rolestring`json:"role,omitempty" description:"the role label to apply to the container"`
// SELinux type label
Typestring`json:"type,omitempty" description:"the type label to apply to the container"`
// SELinux level label.
Levelstring`json:"level,omitempty" description:"the level label to apply to the container"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
// Optional: Defaults to /dev/termination-log
// Optional: Defaults to /dev/termination-log
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Default to false.
// Optional: Default to false.
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext"`
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated"`
// Optional: Policy for pulling images for this container
// Optional: Policy for pulling images for this container
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Capabilities for container.
// Optional: Capabilities for container.
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated; deprecated; See SecurityContext"`
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated"`
// Optional: SecurityContext defines the security options the pod should be run with
SecurityContext*SecurityContext`json:"securityContext,omitempty" description:"security options the pod should run with"`
}
}
const(
const(
...
@@ -1719,39 +1717,3 @@ type ComponentStatusList struct {
...
@@ -1719,39 +1717,3 @@ type ComponentStatusList struct {
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
}
}
// SecurityContext holds security configuration that will be applied to a container. SecurityContext
// contains duplication of some existing fields from the Container resource. These duplicate fields
// will be populated based on the Container configuration if they are not set. Defining them on
// both the Container AND the SecurityContext will result in an error.
typeSecurityContextstruct{
// Capabilities are the capabilities to add/drop when running the container
// Must match Container.Capabilities or be unset. Will be defaulted to Container.Capabilities if left unset
Capabilities*Capabilities`json:"capabilities,omitempty" description:"the linux capabilites that should be added or removed"`
// Run the container in privileged mode
// Must match Container.Privileged or be unset. Will be defaulted to Container.Privileged if left unset
Privileged*bool`json:"privileged,omitempty" description:"run the container in privileged mode"`
// SELinuxOptions are the labels to be applied to the container
// and volumes
SELinuxOptions*SELinuxOptions`json:"seLinuxOptions,omitempty" description:"options that control the SELinux labels applied"`
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser*int64`json:"runAsUser,omitempty" description:"the user id that runs the first process in the container"`
}
// SELinuxOptions are the labels to be applied to the container.
typeSELinuxOptionsstruct{
// SELinux user label
Userstring`json:"user,omitempty" description:"the user label to apply to the container"`
// SELinux role label
Rolestring`json:"role,omitempty" description:"the role label to apply to the container"`
// SELinux type label
Typestring`json:"type,omitempty" description:"the type label to apply to the container"`
// SELinux level label.
Levelstring`json:"level,omitempty" description:"the level label to apply to the container"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
Lifecycle*Lifecycle`json:"lifecycle,omitempty" description:"actions that the management system should take in response to container lifecycle events; cannot be updated"`
// Optional: Defaults to /dev/termination-log
// Optional: Defaults to /dev/termination-log
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
TerminationMessagePathstring`json:"terminationMessagePath,omitempty" description:"path at which the file to which the container's termination message will be written is mounted into the container's filesystem; message written is intended to be brief final status, such as an assertion failure message; defaults to /dev/termination-log; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Default to false.
// Optional: Default to false.
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated; deprecated; See SecurityContext."`
Privilegedbool`json:"privileged,omitempty" description:"whether or not the container is granted privileged status; defaults to false; cannot be updated"`
// Optional: Policy for pulling images for this container
// Optional: Policy for pulling images for this container
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
ImagePullPolicyPullPolicy`json:"imagePullPolicy" description:"image pull policy; one of PullAlways, PullNever, PullIfNotPresent; defaults to PullAlways if :latest tag is specified, or PullIfNotPresent otherwise; cannot be updated"`
// Deprecated - see SecurityContext. Optional: Capabilities for container.
// Optional: Capabilities for container.
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated; deprecated; See SecurityContext."`
CapabilitiesCapabilities`json:"capabilities,omitempty" description:"capabilities for container; cannot be updated"`
// Optional: SecurityContext defines the security options the pod should be run with
SecurityContext*SecurityContext`json:"securityContext,omitempty" description:"security options the pod should run with"`
}
}
// Handler defines a specific action that should be taken
// Handler defines a specific action that should be taken
...
@@ -1737,39 +1735,3 @@ type ComponentStatusList struct {
...
@@ -1737,39 +1735,3 @@ type ComponentStatusList struct {
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
Items[]ComponentStatus`json:"items" description:"list of component status objects"`
}
}
// SecurityContext holds security configuration that will be applied to a container. SecurityContext
// contains duplication of some existing fields from the Container resource. These duplicate fields
// will be populated based on the Container configuration if they are not set. Defining them on
// both the Container AND the SecurityContext will result in an error.
typeSecurityContextstruct{
// Capabilities are the capabilities to add/drop when running the container
// Must match Container.Capabilities or be unset. Will be defaulted to Container.Capabilities if left unset
Capabilities*Capabilities`json:"capabilities,omitempty" description:"the linux capabilites that should be added or removed"`
// Run the container in privileged mode
// Must match Container.Privileged or be unset. Will be defaulted to Container.Privileged if left unset
Privileged*bool`json:"privileged,omitempty" description:"run the container in privileged mode"`
// SELinuxOptions are the labels to be applied to the container
// and volumes
SELinuxOptions*SELinuxOptions`json:"seLinuxOptions,omitempty" description:"options that control the SELinux labels applied"`
// RunAsUser is the UID to run the entrypoint of the container process.
RunAsUser*int64`json:"runAsUser,omitempty" description:"the user id that runs the first process in the container"`
}
// SELinuxOptions are the labels to be applied to the container.
typeSELinuxOptionsstruct{
// SELinux user label
Userstring`json:"user,omitempty" description:"the user label to apply to the container"`
// SELinux role label
Rolestring`json:"role,omitempty" description:"the role label to apply to the container"`
// SELinux type label
Typestring`json:"type,omitempty" description:"the type label to apply to the container"`
// SELinux level label.
Levelstring`json:"level,omitempty" description:"the level label to apply to the container"`