Package k8s.io.api.core.v1

Index

ConfigMapEnvSource

Not supported by Cloud Run.

ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.

The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.

Fields
local_object_reference
(deprecated)

LocalObjectReference

This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead.

optional

bool

Specify whether the ConfigMap must be defined.

name

string

The ConfigMap to select from.

ConfigMapKeySelector

Not supported by Cloud Run.

Fields
local_object_reference
(deprecated)

LocalObjectReference

Not supported by Cloud Run.

key

string

Required. Not supported by Cloud Run.

optional

bool

Not supported by Cloud Run.

name

string

Required. Not supported by Cloud Run.

ConfigMapVolumeSource

Not supported by Cloud Run.

Adapts a ConfigMap into a volume. The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths.

Fields
name

string

Name of the config.

items[]

KeyToPath

(Optional)

If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified that is not present in the Secret, the volume setup will error unless it is marked optional.

default_mode

int32

(Optional)

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0644. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

bool

(Optional)

Specify whether the Secret or its keys must be defined.

Container

A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments may be supplied by the system to the container at runtime.

Fields
name

string

Name of the container specified as a DNS_LABEL (RFC 1123).

image

string

Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed.

command[]

string

Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references are not supported in Cloud Run.

args[]

string

Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references are not supported in Cloud Run.

env[]

EnvVar

List of environment variables to set in the container.

EnvVar with duplicate names are generally allowed; if referencing a secret, the name must be unique for the container. For non-secret EnvVar names, the Container will only get the last-declared one.

resources

ResourceRequirements

Compute Resources required by this container.

working_dir

string

Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

ports[]

ContainerPort

List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible.

If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.

env_from[]

EnvFromSource

Not supported by Cloud Run.

volume_mounts[]

VolumeMount

Volume to mount into the container's filesystem. Only supports SecretVolumeSources.

Pod volumes to mount into the container's filesystem.

liveness_probe

Probe

Periodic probe of container liveness. Container will be restarted if the probe fails.

readiness_probe

Probe

Not supported by Cloud Run.

startup_probe

Probe

Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not receive traffic if the probe fails. If not provided, a default startup probe with TCP socket action is used.

termination_message_path

string

Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log.

termination_message_policy

string

Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.

image_pull_policy

string

Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.

security_context

SecurityContext

Not supported by Cloud Run.

ContainerPort

ContainerPort represents a network port in a single container.

Fields
name

string

If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

container_port

int32

Port number the container listens on. If present, this must be a valid port number, 0 < x < 65536. If not present, it will default to port 8080. For more information, see https://cloud.google.com/run/docs/container-contract#port

protocol

string

Protocol for port. Must be "TCP". Defaults to "TCP".

EmptyDirVolumeSource

In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).

Fields
medium

string

The medium on which the data is stored. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir

size_limit

string

Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir

EnvFromSource

Not supported by Cloud Run.

EnvFromSource represents the source of a set of ConfigMaps

Fields
prefix

string

An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.

config_map_ref

ConfigMapEnvSource

The ConfigMap to select from

secret_ref

SecretEnvSource

The Secret to select from

EnvVar

EnvVar represents an environment variable present in a Container.

Fields
name

string

Required. Name of the environment variable. Must be a C_IDENTIFIER.

value

string

Value of the environment variable. Defaults to "". Variable references are not supported in Cloud Run.

value_from

EnvVarSource

Source for the environment variable's value. Only supports secret_key_ref. Cannot be used if value is not empty.

EnvVarSource

EnvVarSource represents a source for the value of an EnvVar.

Fields
config_map_key_ref

ConfigMapKeySelector

Not supported by Cloud Run.

Not supported in Cloud Run.

secret_key_ref

SecretKeySelector

Selects a key (version) of a secret in Secret Manager.

ExecAction

Not supported by Cloud Run.

ExecAction describes a "run in container" action.

Fields
command[]

string

Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

GRPCAction

GRPCAction describes an action involving a GRPC port.

Fields
port

int32

Port number of the gRPC service. Number must be in the range 1 to 65535.

service

string

Service is the name of the service to place in the gRPC HealthCheckRequest. If this is not specified, the default behavior is defined by gRPC.

HTTPGetAction

HTTPGetAction describes an action based on HTTP Get requests.

Fields
path

string

Path to access on the HTTP server.

host

string

Not supported by Cloud Run.

scheme

string

Not supported by Cloud Run.

http_headers[]

HTTPHeader

Custom headers to set in the request. HTTP allows repeated headers.

port

int32

Port number to access on the container. Number must be in the range 1 to 65535.

HTTPHeader

HTTPHeader describes a custom header to be used in HTTP probes

Fields
name

string

Required. The header field name

value

string

The header field value

KeyToPath

Maps a string key to a path within a volume.

Fields
key

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version.

The key to project.

path

string

The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.

mode

int32

(Optional)

Mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

LocalObjectReference

Not supported by Cloud Run.

LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.

Fields
name

string

Name of the referent.

Probe

Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.

Fields
initial_delay_seconds

int32

Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240.

timeout_seconds

int32

Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds; if period_seconds is not set, must be less or equal than 10.

period_seconds

int32

How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds.

success_threshold

int32

Minimum consecutive successes for the probe to be considered successful after having failed. Must be 1 if set.

failure_threshold

int32

Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.

exec

ExecAction

Not supported by Cloud Run.

http_get

HTTPGetAction

HTTPGet specifies the http request to perform.

tcp_socket

TCPSocketAction

TCPSocket specifies an action involving a TCP port.

grpc

GRPCAction

GRPCAction specifies an action involving a GRPC port.

ResourceRequirements

ResourceRequirements describes the compute resource requirements.

Fields
limits

map<string, string>

Limits describes the maximum amount of compute resources allowed. Only 'cpu' and 'memory' keys are supported. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits

requests

map<string, string>

Requests describes the minimum amount of compute resources required. Only cpu and memory are supported. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. * For supported 'cpu' values, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits

SecretEnvSource

Not supported by Cloud Run.

SecretEnvSource selects a Secret to populate the environment variables with.

The contents of the target Secret's Data field will represent the key-value pairs as environment variables.

Fields
local_object_reference
(deprecated)

LocalObjectReference

This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead.

optional

bool

Specify whether the Secret must be defined

name

string

The Secret to select from.

SecretKeySelector

SecretKeySelector selects a key of a Secret.

Fields
local_object_reference
(deprecated)

LocalObjectReference

This field should not be used directly as it is meant to be inlined directly into the message. Use the "name" field instead.

key

string

Required. A Cloud Secret Manager secret version. Must be 'latest' for the latest version, an integer for a specific version, or a version alias.

The key of the secret to select from. Must be a valid secret key.

optional

bool

Specify whether the Secret or its key must be defined.

name

string

The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects/<project-id|project-number>/secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation.

The name of the secret in the pod's namespace to select from.

SecretVolumeSource

A volume representing a secret stored in Google Secret Manager.

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret_name.

The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names.

Fields
secret_name

string

The name of the secret in Cloud Secret Manager. By default, the secret is assumed to be in the same project. If the secret is in another project, you must define an alias. An alias definition has the form: :projects/<project-id|project-number>/secrets/. If multiple alias definitions are needed, they must be separated by commas. The alias definitions must be set on the run.googleapis.com/secrets annotation.

Name of the secret in the container's namespace to use.

items[]

KeyToPath

A list of secret versions to mount in the volume.

If no items are specified, the volume will expose a file with the same name as the secret name. The contents of the file will be the data in the latest version of the secret. If items are specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify both a key and a path.

default_mode

int32

Integer representation of mode bits to use on created files by default. Must be a value between 01 and 0777 (octal). If 0 or not set, it will default to 0444. Directories within the path are not affected by this setting.

Notes

  • Internally, a umask of 0222 will be applied to any non-zero value.
  • This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10).
  • This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
optional

bool

Not supported by Cloud Run.

SecurityContext

Not supported by Cloud Run.

SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.

Fields
run_as_user

int32

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

TCPSocketAction

TCPSocketAction describes an action based on opening a socket

Fields
port

int32

Port number to access on the container. Number must be in the range 1 to 65535.

host

string

Not supported by Cloud Run.

Volume

Volume represents a named volume in a container.

Fields
name

string

Volume's name. In Cloud Run Fully Managed, the name 'cloudsql' is reserved.

secret

SecretVolumeSource

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secretName.

config_map

ConfigMapVolumeSource

Not supported in Cloud Run.

empty_dir

EmptyDirVolumeSource

Ephemeral storage used as a shared volume.

VolumeMount

VolumeMount describes a mounting of a Volume within a container.

Fields
name

string

Required. The name of the volume. There must be a corresponding Volume with the same name.

read_only

bool

Only true is accepted for Secret Volumes. Defaults to true for Secrets Volumes.

mount_path

string

Required. Path within the container at which the volume should be mounted. Must not contain ':'.

sub_path

string

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).