Ironic is the Schema for the ironics API.

| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | ironic.metal3.io/v1alpha1 | true |
| kind | string | Ironic | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object | IronicSpec defines the desired state of Ironic. | false |
| status | object | IronicStatus defines the observed state of Ironic. | false |

IronicSpec defines the desired state of Ironic.

| Name | Type | Description | Required |
|---|---|---|---|
| apiCredentialsName | string | APICredentialsName is a reference to the secret with Ironic API credentials. A new secret will be created if this field is empty. | false |
| database | object | Database is a reference to a MariaDB database to use for persisting Ironic data. Must be provided for a highly available architecture, optional otherwise. If missing, a local SQLite database will be used, and the Ironic state will be reset on each pod restart. | false |
| deployRamdisk | object | DeployRamdisk defines settings for the provisioning/inspection ramdisk based on Ironic Python Agent. | false |
| extraConfig | []object | ExtraConfig allows overriding any Ironic configuration options. | false |
| highAvailability | boolean | HighAvailability causes Ironic to be deployed as a DaemonSet on control plane nodes instead of a deployment with 1 replica. Requires database to be installed and linked in the Database field. DHCP support is not yet implemented in the highly available architecture. Requires the HighAvailability feature gate to be set. | false |
| images | object | Images is a collection of container images to deploy from. | false |
| inspection | object | Inspection defines inspection settings. | false |
| networking | object | Networking defines networking settings for Ironic. | false |
| nodeSelector | map[string]string | NodeSelector is a selector which must be true for the Ironic pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | false |
| overrides | object | Overrides for the generated Deployment or Daemon Set. EXPERIMENTAL: requires feature gate Overrides. | false |
| prometheusExporter | object | PrometheusExporter configures sensor data collection and Prometheus metrics export. When enabled, this configures Ironic to collect sensor data and deploys the ironic-prometheus-exporter container. | false |
| tls | object | TLS defines TLS-related settings for various network interactions. | false |
| version | string | Version is the version of Ironic to be installed. Must be either "latest" or a MAJOR.MINOR pair, e.g. "27.0". The default version depends on the operator branch. | false |

Database is a reference to a MariaDB database to use for persisting Ironic data. Must be provided for a highly available architecture, optional otherwise. If missing, a local SQLite database will be used, and the Ironic state will be reset on each pod restart.

| Name | Type | Description | Required |
|---|---|---|---|
| credentialsName | string | Name of a secret with database credentials. | true |
| host | string | IP address or host name of the database instance. | true |
| name | string | Database name. | true |
| tlsCertificateName | string | Name of a secret with a TLS certificate or a CA for verifying the database host. If unset, Ironic will request an unencrypted connection, which is insecure, and the server configuration may forbid it. | false |

DeployRamdisk defines settings for the provisioning/inspection ramdisk based on Ironic Python Agent.

| Name | Type | Description | Required |
|---|---|---|---|
| disableDownloader | boolean | DisableDownloader tells the operator not to start the IPA downloader as the init container. The user will be responsible for providing the right image to BareMetal Operator. | false |
| extraKernelParams | string | ExtraKernelParams is a string with kernel parameters to pass to the provisioning/inspection ramdisk. Will not take effect if the host uses a pre-built ISO (either through its PreprovisioningImage or via the DEPLOY_ISO_URL baremetal-operator parameter). | false |
| sshKey | string | SSHKey is the contents of the public key to inject into the ramdisk for debugging purposes. | false |

ExtraConfig allows overriding any Ironic configuration options. See the entire listing of available options in the Ironic documentation: https://docs.openstack.org/ironic/latest/configuration/config.html (note that some options may not be available in earlier releases).

Warning: modifying arbitrary options may cause your Ironic installation to fail or misbehave. Do not modify anything you don't understand well.

| Name | Type | Description | Required |
|---|---|---|---|
| group | string | The group that config belongs to. | false |
| name | string | The name of the config. | false |
| value | string | The value of the config. | false |

Images is a collection of container images to deploy from.

| Name | Type | Description | Required |
|---|---|---|---|
| deployRamdiskBranch | string | DeployRamdiskBranch is the branch of IPA to download. The main branch is used by default. Not used if deployRamdisk.disableDownloader is true. | false |
| deployRamdiskDownloader | string | DeployRamdiskDownloader is the image to be used at pod initialization to download the IPA ramdisk. Not used if deployRamdisk.disableDownloader is true. | false |
| ironic | string | Ironic is the Ironic image (including httpd). | false |
| keepalived | string | Keepalived is the Keepalived image. Not used if networking.ipAddressManager is not set to keepalived. | false |

Inspection defines inspection settings.

| Name | Type | Description | Required |
|---|---|---|---|
| collectors | []string | Collectors is a list of inspection collectors to enable. See https://docs.openstack.org/ironic-python-agent/latest/admin/how_it_works.html#inspection-data for details. | false |
| vlanInterfaces | []string | List of interfaces to inspect for VLANs. This can be interface names (to collect all VLANs using LLDP) or pairs .. | false |

Networking defines networking settings for Ironic.

| Name | Type | Description | Required |
|---|---|---|---|
| apiPort | integer | APIPort is the public port used for Ironic. Format: int32. Default: 6385. Minimum: 1. | false |
| bindInterface | boolean | BindInterface makes Ironic API bound to only one interface. | false |
| dhcp | object | DHCP is a configuration of DHCP for the network boot service (dnsmasq). The service is only deployed when this is set. This setting is currently incompatible with the highly available architecture. | false |
| externalIP | string | ExternalIP is used for accessing API and the image server from remote hosts. This setting only applies to virtual media deployments. The IP will not be accessed from the cluster itself. | false |
| imageServerPort | integer | ImageServerPort is the public port used for serving images. Format: int32. Default: 6180. Minimum: 1. | false |
| imageServerTLSPort | integer | ImageServerTLSPort is the public port used for serving virtual media images over TLS. Format: int32. Default: 6183. Minimum: 1. | false |
| interface | string | Interface is a Linux network device to listen on. Detected from IPAddress if missing. | false |
| ipAddress | string | IPAddress is the main IP address to listen on and use for communication. Detected from Interface if missing. Cannot be provided for a highly available architecture. | false |
| ipAddressManager | enum | Configures the way the provided IP address will be managed on the provided interface. By default, the IP address is expected to be already present. Use "keepalived" to start a Keepalived container managing the IP address. Warning: keepalived is not compatible with the highly available architecture. Enum: , keepalived | false |
| macAddresses | []string | MACAddresses can be provided to make the start script pick the interface matching any of these addresses. Only set if no other options can be used. | false |
| prometheusExporterPort | integer | PrometheusExporterPort is the port used for the Ironic Prometheus Exporter metrics endpoint. Only used when spec.prometheusExporter.enabled is true. Format: int32. Default: 9608. Minimum: 1. | false |
| rpcPort | integer | RPCPort is the internal RPC port used for Ironic. Only change this if the default value causes a conflict on your deployment. Format: int32. Default: 6189. Minimum: 1. | false |

DHCP is a configuration of DHCP for the network boot service (dnsmasq). The service is only deployed when this is set. This setting is currently incompatible with the highly available architecture.

| Name | Type | Description | Required |
|---|---|---|---|
| dnsAddress | string | DNSAddress is the IP address of the DNS server to pass to hosts via DHCP. Must not be set together with ServeDNS. | false |
| gatewayAddress | string | GatewayAddress is the IP address of the gateway to pass to hosts via DHCP. | false |
| hosts | []string | Hosts is a set of DHCP host records to pass to dnsmasq. Check the dnsmasq documentation on dhcp-host for an explanation of the format. There is no API-side validation. Most users will leave this unset. | false |
| ignore | []string | Ignore is a set of dnsmasq tags to ignore and not provide any DHCP. Check the dnsmasq documentation on dhcp-ignore for an explanation of the format. There is no API-side validation. Most users will leave this unset. | false |
| networkCIDR | string | NetworkCIDR is a CIDR of the provisioning network. Required. | false |
| rangeBegin | string | RangeBegin is the first IP that can be given to hosts. Must be inside NetworkCIDR. | false |
| rangeEnd | string | RangeEnd is the last IP that can be given to hosts. Must be inside NetworkCIDR. | false |
| serveDNS | boolean | ServeDNS is set to true to pass the provisioning host as the DNS server on the provisioning network. Must not be set together with DNSAddress. | false |
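
The cross-field rules stated in the spec, database, networking and DHCP tables above can be checked before a manifest is applied. The following is an added example, not code from the operator: it encodes only constraints written on this page, and the function names, severity labels and sample values are constructed for illustration (the operator's own validation may differ, and feature gates cannot be checked from the spec).

```python
import ipaddress
import re

# "latest" or a MAJOR.MINOR pair, as described for spec.version.
VERSION_RE = re.compile(r"^(latest|\d+\.\d+)$")


def _check_dhcp(dhcp):
    """Rules from the DHCP table: required CIDR, range inside it, DNS exclusivity."""
    out = []
    if dhcp.get("dnsAddress") and dhcp.get("serveDNS"):
        out.append(("error", "networking.dhcp.dnsAddress",
                    "must not be set together with serveDNS"))
    cidr = dhcp.get("networkCIDR")
    if not cidr:
        out.append(("error", "networking.dhcp.networkCIDR", "required"))
        return out
    try:
        # Assumption: host bits in the CIDR are tolerated (strict=False).
        network = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        out.append(("error", "networking.dhcp.networkCIDR", "not a valid CIDR"))
        return out
    for key in ("rangeBegin", "rangeEnd"):
        value = dhcp.get(key)
        if not value:
            continue
        try:
            inside = ipaddress.ip_address(value) in network
        except ValueError:
            inside = False
        if not inside:
            out.append(("error", f"networking.dhcp.{key}",
                        f"must be an IP address inside {network}"))
    return out


def validate_ironic_spec(spec):
    """Return (severity, field, message) findings for an Ironic spec dict."""
    findings = []
    version = spec.get("version")
    if version is not None and not VERSION_RE.match(str(version)):
        findings.append(("error", "version",
                         'must be "latest" or a MAJOR.MINOR pair'))

    database = spec.get("database")
    networking = spec.get("networking") or {}
    dhcp = networking.get("dhcp")

    if database is not None:
        for key in ("credentialsName", "host", "name"):
            if not database.get(key):
                findings.append(("error", f"database.{key}", "required"))
        if not database.get("tlsCertificateName"):
            findings.append(("warning", "database.tlsCertificateName",
                             "unset: Ironic requests an unencrypted connection"))

    if spec.get("highAvailability"):
        if database is None:
            findings.append(("error", "database",
                             "required for the highly available architecture"))
        if dhcp is not None:
            findings.append(("error", "networking.dhcp",
                             "incompatible with highAvailability"))
        if networking.get("ipAddress"):
            findings.append(("error", "networking.ipAddress",
                             "cannot be provided with highAvailability"))
        if networking.get("ipAddressManager") == "keepalived":
            findings.append(("error", "networking.ipAddressManager",
                             "keepalived is not compatible with highAvailability"))
    elif database is None:
        findings.append(("warning", "database",
                         "missing: SQLite is used, state resets on pod restart"))

    if dhcp is not None:
        findings.extend(_check_dhcp(dhcp))
    return findings


def fields(findings, severity):
    """Sorted field paths of the findings with the given severity."""
    return sorted(f for s, f, _ in findings if s == severity)


# Constructed sample specs (not taken from any real deployment).
SAMPLE_GOOD = {
    "version": "27.0",
    "highAvailability": True,
    "database": {"credentialsName": "ironic-db-credentials",
                 "host": "mariadb.example.internal", "name": "ironic",
                 "tlsCertificateName": "mariadb-ca"},
}
SAMPLE_BAD = {
    "version": "27",
    "highAvailability": True,
    "networking": {
        "ipAddress": "192.0.2.10",
        "ipAddressManager": "keepalived",
        "dhcp": {"networkCIDR": "192.0.2.0/24", "rangeBegin": "192.0.2.100",
                 "rangeEnd": "192.0.3.200", "dnsAddress": "192.0.2.1",
                 "serveDNS": True},
    },
}

if __name__ == "__main__":
    for severity, field, message in validate_ironic_spec(SAMPLE_BAD):
        print(f"{severity:7} {field}: {message}")
```
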
Overrides for the generated Deployment or Daemon Set. EXPERIMENTAL: requires feature gate Overrides.

| Name | Type | Description | Required |
|---|---|---|---|
| annotations | map[string]string | Extra annotations to add to each pod (including upgrade jobs). | false |
| containers | []object | Containers to append to the main Ironic pod. If a container name matches an existing container, the existing container is replaced. | false |
| initContainers | []object | InitContainers to append to the main Ironic pod. If a container name matches an existing init container, the existing init container is replaced. | false |
| labels | map[string]string | Extra labels to add to each pod (including upgrade jobs). | false |

A single application container that you want to run within a pod.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. | true |
| args | []string | Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references | false |
| command | []string | Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references | false |
| env | []object | List of environment variables to set in the container. Cannot be updated. | false |
| envFrom | []object | List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. | false |
| image | string | Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. | false |
| imagePullPolicy | string | Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images | false |
| lifecycle | object | Actions that the management system should take in response to container lifecycle events. Cannot be updated. | false |
| livenessProbe | object | Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | false |
| ports | []object | List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information see kubernetes/kubernetes#108255. Cannot be updated. | false |
| readinessProbe | object | Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | false |
| resizePolicy | []object | Resources resize policy for the container. | false |
| resources | object | Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | false |
| restartPolicy | string | RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as "Always" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy "Always" will be shut down. This lifecycle differs from normal init containers and is often referred to as a "sidecar" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. | false |
| restartPolicyRules | []object | Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines whether the container is restarted or not. Constraints on the rules:<br>- At most 20 rules are allowed.<br>- Rules can have the same action.<br>- Identical rules are not forbidden in validations.<br>When rules are specified, container MUST set RestartPolicy explicitly even if it matches the Pod's RestartPolicy. | false |
| securityContext | object | SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | false |
| startupProbe | object | StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes | false |
| stdin | boolean | Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. | false |
| stdinOnce | boolean | Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container process that reads from stdin will never receive an EOF. Default is false. | false |
| terminationMessagePath | string | Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. | false |
| terminationMessagePolicy | string | Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. | false |
| tty | boolean | Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. | false |
| volumeDevices | []object | volumeDevices is the list of block devices to be used by the container. | false |
| volumeMounts | []object | Pod volumes to mount into the container's filesystem. Cannot be updated. | false |
| workingDir | string | Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. | false |

EnvVar represents an environment variable present in a Container.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the environment variable. May consist of any printable ASCII characters except '='. | true |
| value | string | Variable references | false |
| valueFrom | object | Source for the environment variable's value. Cannot be used if value is not empty. | false |

Source for the environment variable's value. Cannot be used if value is not empty.

| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object | Selects a key of a ConfigMap. | false |
| fieldRef | object | Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. | false |
| fileKeyRef | object | FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled. | false |
| resourceFieldRef | object | Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. | false |
| secretKeyRef | object | Selects a key of a secret in the pod's namespace | false |

Selects a key of a ConfigMap.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | The key to select. | true |
| name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: | false |
| optional | boolean | Specify whether the ConfigMap or its key must be defined | false |

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'], spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.

| Name | Type | Description | Required |
|---|---|---|---|
| fieldPath | string | Path of the field to select in the specified API version. | true |
| apiVersion | string | Version of the schema the FieldPath is written in terms of, defaults to "v1". | false |

FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. | true |
| path | string | The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. | true |
| volumeName | string | The name of the volume mount containing the env file. | true |
| optional | boolean | Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. | false |

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

| Name | Type | Description | Required |
|---|---|---|---|
| resource | string | Required: resource to select | true |
| containerName | string | Container name: required for volumes, optional for env vars | false |
| divisor | int or string | Specifies the output format of the exposed resources, defaults to "1" | false |

Selects a key of a secret in the pod's namespace

| Name | Type | Description | Required |
|---|---|---|---|
| key | string | The key of the secret to select from. Must be a valid secret key. | true |
| name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: | false |
| optional | boolean | Specify whether the Secret or its key must be defined | false |

EnvFromSource represents the source of a set of ConfigMaps or Secrets

| Name | Type | Description | Required |
|---|---|---|---|
| configMapRef | object | The ConfigMap to select from | false |
| prefix | string | Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='. | false |
| secretRef | object | The Secret to select from | false |

The ConfigMap to select from

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: | false |
| optional | boolean | Specify whether the ConfigMap must be defined | false |

The Secret to select from

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: | false |
| optional | boolean | Specify whether the Secret must be defined | false |

Actions that the management system should take in response to container lifecycle events. Cannot be updated.

| Name | Type | Description | Required |
|---|---|---|---|
| postStart | object | PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | false |
| preStop | object | PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks | false |
| stopSignal | string | StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name | false |

PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

| Name | Type | Description | Required |
|---|---|---|---|
| exec | object | Exec specifies a command to execute in the container. | false |
| httpGet | object | HTTPGet specifies an HTTP GET request to perform. | false |
| sleep | object | Sleep represents a duration that the container should sleep. | false |
| tcpSocket | object | Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. | false |

Exec specifies a command to execute in the container.

| Name | Type | Description | Required |
|---|---|---|---|
| command | []string | Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. | false |

HTTPGet specifies an HTTP GET request to perform.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | false |
| httpHeaders | []object | Custom headers to set in the request. HTTP allows repeated headers. | false |
| path | string | Path to access on the HTTP server. | false |
| scheme | string | Scheme to use for connecting to the host. Defaults to HTTP. | false |

HTTPHeader describes a custom header to be used in HTTP probes

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. | true |
| value | string | The header field value | true |

Sleep represents a duration that the container should sleep.

| Name | Type | Description | Required |
|---|---|---|---|
| seconds | integer | Seconds is the number of seconds to sleep. Format: int64 | true |

Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Optional: Host name to connect to, defaults to the pod IP. | false |

PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

| Name | Type | Description | Required |
|---|---|---|---|
| exec | object | Exec specifies a command to execute in the container. | false |
| httpGet | object | HTTPGet specifies an HTTP GET request to perform. | false |
| sleep | object | Sleep represents a duration that the container should sleep. | false |
| tcpSocket | object | Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified. | false |

Exec specifies a command to execute in the container.

| Name | Type | Description | Required |
|---|---|---|---|
| command | []string | Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. | false |

HTTPGet specifies an HTTP GET request to perform.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | false |
| httpHeaders | []object | Custom headers to set in the request. HTTP allows repeated headers. | false |
| path | string | Path to access on the HTTP server. | false |
| scheme | string | Scheme to use for connecting to the host. Defaults to HTTP. | false |

HTTPHeader describes a custom header to be used in HTTP probes

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. | true |
| value | string | The header field value | true |

Sleep represents a duration that the container should sleep.

| Name | Type | Description | Required |
|---|---|---|---|
| seconds | integer |
Seconds is the number of seconds to sleep. Format: int64 |
true |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |

Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

| Name | Type | Description | Required |
|---|---|---|---|
| exec | object | Exec specifies a command to execute in the container. | false |
| failureThreshold | integer | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Format: int32 | false |
| grpc | object | GRPC specifies a GRPC HealthCheckRequest. | false |
| httpGet | object | HTTPGet specifies an HTTP GET request to perform. | false |
| initialDelaySeconds | integer | Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |
| periodSeconds | integer | How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Format: int32 | false |
| successThreshold | integer | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 | false |
| tcpSocket | object | TCPSocket specifies a connection to a TCP port. | false |
| terminationGracePeriodSeconds | integer | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 | false |
| timeoutSeconds | integer | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |

Exec specifies a command to execute in the container.

| Name | Type | Description | Required |
|---|---|---|---|
| command | []string | Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. | false |

GRPC specifies a GRPC HealthCheckRequest.

| Name | Type | Description | Required |
|---|---|---|---|
| port | integer | Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 | true |
| service | string | Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. | false |

HTTPGet specifies an HTTP GET request to perform.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | false |
| httpHeaders | []object | Custom headers to set in the request. HTTP allows repeated headers. | false |
| path | string | Path to access on the HTTP server. | false |
| scheme | string | Scheme to use for connecting to the host. Defaults to HTTP. | false |

HTTPHeader describes a custom header to be used in HTTP probes

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. | true |
| value | string | The header field value | true |

TCPSocket specifies a connection to a TCP port.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Optional: Host name to connect to, defaults to the pod IP. | false |

ContainerPort represents a network port in a single container.

| Name | Type | Description | Required |
|---|---|---|---|
| containerPort | integer | Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. Format: int32 | true |
| hostIP | string | What host IP to bind the external port to. | false |
| hostPort | integer | Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. Format: int32 | false |
| name | string | If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. | false |
| protocol | string | Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". Default: TCP | false |

Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

| Name | Type | Description | Required |
|---|---|---|---|
| exec | object | Exec specifies a command to execute in the container. | false |
| failureThreshold | integer | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Format: int32 | false |
| grpc | object | GRPC specifies a GRPC HealthCheckRequest. | false |
| httpGet | object | HTTPGet specifies an HTTP GET request to perform. | false |
| initialDelaySeconds | integer | Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |
| periodSeconds | integer | How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Format: int32 | false |
| successThreshold | integer | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 | false |
| tcpSocket | object | TCPSocket specifies a connection to a TCP port. | false |
| terminationGracePeriodSeconds | integer | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 | false |
| timeoutSeconds | integer | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |

Exec specifies a command to execute in the container.

| Name | Type | Description | Required |
|---|---|---|---|
| command | []string | Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. | false |

GRPC specifies a GRPC HealthCheckRequest.

| Name | Type | Description | Required |
|---|---|---|---|
| port | integer | Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 | true |
| service | string | Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. | false |

HTTPGet specifies an HTTP GET request to perform.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | false |
| httpHeaders | []object | Custom headers to set in the request. HTTP allows repeated headers. | false |
| path | string | Path to access on the HTTP server. | false |
| scheme | string | Scheme to use for connecting to the host. Defaults to HTTP. | false |

HTTPHeader describes a custom header to be used in HTTP probes

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. | true |
| value | string | The header field value | true |

TCPSocket specifies a connection to a TCP port.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Optional: Host name to connect to, defaults to the pod IP. | false |

ContainerResizePolicy represents resource resize policy for the container.

| Name | Type | Description | Required |
|---|---|---|---|
| resourceName | string | Name of the resource to which this resource resize policy applies. Supported values: cpu, memory. | true |
| restartPolicy | string | Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. | true |

Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object | Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. | false |
| limits | map[string]int or string | Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | false |
| requests | map[string]int or string | Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | false |

ResourceClaim references one entry in PodSpec.ResourceClaims.

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. | true |
| request | string | Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. | false |

ContainerRestartRule describes how a container exit is handled.

| Name | Type | Description | Required |
|---|---|---|---|
| action | string | Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is "Restart" to restart the container. | true |
| exitCodes | object | Represents the exit codes to check on container exits. | false |

Represents the exit codes to check on container exits.

| Name | Type | Description | Required |
|---|---|---|---|
| operator | string | Represents the relationship between the container exit code(s) and the specified values. Possible values are:<br>- In: the requirement is satisfied if the container exit code is in the set of specified values.<br>- NotIn: the requirement is satisfied if the container exit code is not in the set of specified values. | true |
| values | []integer | Specifies the set of values to check for container exit codes. At most 255 elements are allowed. | false |

SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean | AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is:<br>1) run as Privileged<br>2) has CAP_SYS_ADMIN<br>Note that this field cannot be set when spec.os.name is windows. | false |
| appArmorProfile | object | appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows. | false |
| capabilities | object | The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. | false |
| privileged | boolean | Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. | false |
| procMount | string | procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. | false |
| readOnlyRootFilesystem | boolean | Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. | false |
| runAsGroup | integer | The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. Format: int64 | false |
| runAsNonRoot | boolean | Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. | false |
| runAsUser | integer | The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. Format: int64 | false |
| seLinuxOptions | object | The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. | false |
| seccompProfile | object | The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. | false |
| windowsOptions | object | The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. | false |

appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.

| Name | Type | Description | Required |
|---|---|---|---|
| type | string | type indicates which kind of AppArmor profile will be applied. Valid options are:<br>Localhost - a profile pre-loaded on the node.<br>RuntimeDefault - the container runtime's default profile.<br>Unconfined - no AppArmor enforcement. | true |
| localhostProfile | string | localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost". | false |

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

| Name | Type | Description | Required |
|---|---|---|---|
| add | []string | Added capabilities | false |
| drop | []string | Removed capabilities | false |

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

| Name | Type | Description | Required |
|---|---|---|---|
| level | string | Level is SELinux level label that applies to the container. | false |
| role | string | Role is a SELinux role label that applies to the container. | false |
| type | string | Type is a SELinux type label that applies to the container. | false |
| user | string | User is a SELinux user label that applies to the container. | false |

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

| Name | Type | Description | Required |
|---|---|---|---|
| type | string | type indicates which kind of seccomp profile will be applied. Valid options are:<br>Localhost - a profile defined in a file on the node should be used.<br>RuntimeDefault - the container runtime default profile should be used.<br>Unconfined - no profile should be applied. | true |
| localhostProfile | string | localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type. | false |

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string | GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. | false |
| gmsaCredentialSpecName | string | GMSACredentialSpecName is the name of the GMSA credential spec to use. | false |
| hostProcess | boolean | HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true. | false |
| runAsUserName | string | The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. | false |
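
The SecurityContext rules above (container values overriding pod values, the `localhostProfile` constraints, the interaction of `privileged` and CAP_SYS_ADMIN with `allowPrivilegeEscalation`) can be checked mechanically before a spec is applied. The following is an added example, not code from the operator or from Kubernetes; the function names, finding strings and sample specs are constructed for illustration, and it assumes capability names may appear with or without the `CAP_` prefix and that `ALL` is accepted in `capabilities.drop`.

```python
"""Audit a container securityContext against the field rules documented above."""

# Fields the reference says may be set at pod level, with the container value winning.
INHERITED = ("runAsNonRoot", "runAsUser", "runAsGroup",
             "seLinuxOptions", "seccompProfile", "appArmorProfile")


def effective_context(container_sc, pod_sc=None):
    """Merge pod-level and container-level settings; the container value wins."""
    merged = dict(container_sc or {})
    for field in INHERITED:
        if field not in merged and pod_sc and field in pod_sc:
            merged[field] = pod_sc[field]
    return merged


def _cap(name):
    # Assumption: manifests usually omit the "CAP_" prefix; accept both spellings.
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def _check_profile(kind, profile, findings):
    """type Localhost requires localhostProfile; any other type forbids it."""
    if profile is None:
        return
    ptype = profile.get("type")
    has_path = bool(profile.get("localhostProfile"))
    if ptype == "Localhost" and not has_path:
        findings.append(f"{kind}: type Localhost requires localhostProfile")
    if has_path and ptype != "Localhost":
        findings.append(f"{kind}: localhostProfile set but type is {ptype}")
    if ptype == "Unconfined":
        findings.append(f"{kind}: Unconfined applies no profile")


def audit(container_sc, pod_sc=None):
    """Return a list of findings for the effective security context."""
    sc = effective_context(container_sc, pod_sc)
    findings = []
    caps = sc.get("capabilities") or {}
    added = {_cap(c) for c in caps.get("add", [])}
    dropped = {_cap(c) for c in caps.get("drop", [])}
    privileged = sc.get("privileged", False)

    if privileged:
        findings.append("privileged: processes are equivalent to root on the host")
    if added:
        findings.append("capabilities.add: " + ", ".join(sorted(added)))
    if "ALL" not in dropped:
        findings.append("capabilities.drop: does not include ALL")

    # Privileged mode or CAP_SYS_ADMIN always implies privilege escalation.
    forced = privileged or "SYS_ADMIN" in added
    ape = sc.get("allowPrivilegeEscalation")
    if forced and ape is False:
        findings.append("allowPrivilegeEscalation: false conflicts with "
                        "privileged/CAP_SYS_ADMIN, which always allow escalation")
    elif ape is not False:
        findings.append("allowPrivilegeEscalation: not explicitly false, "
                        "no_new_privs is not set")

    if sc.get("runAsNonRoot") is not True:
        findings.append("runAsNonRoot: not true, UID 0 is not rejected at start")
    elif sc.get("runAsUser") == 0:
        findings.append("runAsNonRoot: true with runAsUser 0, "
                        "the kubelet will fail to start the container")

    if not sc.get("readOnlyRootFilesystem", False):
        findings.append("readOnlyRootFilesystem: root filesystem is writable")

    if sc.get("seccompProfile") is None:
        findings.append("seccompProfile: not set at pod or container level")
    _check_profile("seccompProfile", sc.get("seccompProfile"), findings)
    _check_profile("appArmorProfile", sc.get("appArmorProfile"), findings)
    return findings


# Constructed sample specs (not taken from any real deployment).
WEAK = {"privileged": True, "allowPrivilegeEscalation": False,
        "seccompProfile": {"type": "Unconfined",
                           "localhostProfile": "profiles/example.json"}}
HARDENED = {"allowPrivilegeEscalation": False, "privileged": False,
            "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}
POD_LEVEL = {"runAsNonRoot": True, "runAsUser": 10001,
             "seccompProfile": {"type": "RuntimeDefault"}}

if __name__ == "__main__":
    for label, sc, pod in (("weak", WEAK, None), ("hardened", HARDENED, POD_LEVEL)):
        print(label)
        for finding in audit(sc, pod) or ["no findings"]:
            print("  -", finding)
```

The hardened container spec passes only because `runAsNonRoot` and `seccompProfile` are inherited from the pod-level context; audited on its own it reports both as missing.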

StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

| Name | Type | Description | Required |
|---|---|---|---|
| exec | object | Exec specifies a command to execute in the container. | false |
| failureThreshold | integer | Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. Format: int32 | false |
| grpc | object | GRPC specifies a GRPC HealthCheckRequest. | false |
| httpGet | object | HTTPGet specifies an HTTP GET request to perform. | false |
| initialDelaySeconds | integer | Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |
| periodSeconds | integer | How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Format: int32 | false |
| successThreshold | integer | Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 | false |
| tcpSocket | object | TCPSocket specifies a connection to a TCP port. | false |
| terminationGracePeriodSeconds | integer | Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 | false |
| timeoutSeconds | integer | Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 | false |

Exec specifies a command to execute in the container.

| Name | Type | Description | Required |
|---|---|---|---|
| command | []string | Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('\|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. | false |

GRPC specifies a GRPC HealthCheckRequest.

| Name | Type | Description | Required |
|---|---|---|---|
| port | integer | Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 | true |
| service | string | Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. | false |

HTTPGet specifies an HTTP GET request to perform.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. | false |
| httpHeaders | []object | Custom headers to set in the request. HTTP allows repeated headers. | false |
| path | string | Path to access on the HTTP server. | false |
| scheme | string | Scheme to use for connecting to the host. Defaults to HTTP. | false |

HTTPHeader describes a custom header to be used in HTTP probes

| Name | Type | Description | Required |
|---|---|---|---|
| name | string | The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header. | true |
| value | string | The header field value | true |

TCPSocket specifies a connection to a TCP port.

| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string | Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. | true |
| host | string | Optional: Host name to connect to, defaults to the pod IP. | false |

volumeDevice describes a mapping of a raw block device within a container.

| Name | Type | Description | Required |
|---|---|---|---|
| devicePath | string | devicePath is the path inside of the container that the device will be mapped to. | true |
| name | string | name must match the name of a persistentVolumeClaim in the pod | true |

VolumeMount describes a mounting of a Volume within a container.

| Name | Type | Description | Required |
|---|---|---|---|
| mountPath | string | Path within the container at which the volume should be mounted. Must not contain ':'. | true |
| name | string | This must match the Name of a Volume. | true |
| mountPropagation | string | mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None). | false |
| readOnly | boolean | Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. | false |
| recursiveReadOnly | string | RecursiveReadOnly specifies whether read-only mounts should be handled recursively. If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled. | false |
| subPath | string | Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). | false |
| subPathExpr | string | Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. | false |
A single application container that you want to run within a pod.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the container specified as a DNS_LABEL.
Each container in a pod must have a unique name (DNS_LABEL).
Cannot be updated. |
true |
| args | []string |
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references |
false |
| command | []string |
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references |
false |
| env | []object |
List of environment variables to set in the container.
Cannot be updated. |
false |
| envFrom | []object |
List of sources to populate environment variables in the container.
The keys defined within a source may consist of any printable ASCII characters except '='.
When a key exists in multiple
sources, the value associated with the last source will take precedence.
Values defined by an Env with a duplicate key will take precedence.
Cannot be updated. |
false |
| image | string |
Container image name.
More info: https://kubernetes.io/docs/concepts/containers/images
This field is optional to allow higher level config management to default or override
container images in workload controllers like Deployments and StatefulSets. |
false |
| imagePullPolicy | string |
Image pull policy.
One of Always, Never, IfNotPresent.
Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images |
false |
| lifecycle | object |
Actions that the management system should take in response to container lifecycle events.
Cannot be updated. |
false |
| livenessProbe | object |
Periodic probe of container liveness.
Container will be restarted if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
false |
| ports | []object |
List of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
Modifying this array with strategic merge patch may corrupt the data.
For more information see kubernetes/kubernetes#108255.
Cannot be updated. |
false |
| readinessProbe | object |
Periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
false |
| resizePolicy | []object |
Resources resize policy for the container. |
false |
| resources | object |
Compute Resources required by this container.
Cannot be updated.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
| restartPolicy | string |
RestartPolicy defines the restart behavior of individual containers in a pod.
This overrides the pod-level restart policy. When this field is not specified,
the restart behavior is defined by the Pod's restart policy and the container type.
Additionally, setting the RestartPolicy as "Always" for the init container will
have the following effect:
this init container will be continually restarted on
exit until all regular containers have terminated. Once all regular
containers have completed, all init containers with restartPolicy "Always"
will be shut down. This lifecycle differs from normal init containers and
is often referred to as a "sidecar" container. Although this init
container still starts in the init container sequence, it does not wait
for the container to complete before proceeding to the next init
container. Instead, the next init container starts immediately after this
init container is started, or after any startupProbe has successfully
completed. |
false |
| restartPolicyRules | []object |
Represents a list of rules to be checked to determine if the
container should be restarted on exit. The rules are evaluated in
order. Once a rule matches a container exit condition, the remaining
rules are ignored. If no rule matches the container exit condition,
the Container-level restart policy determines whether the container
is restarted or not. Constraints on the rules:
- At most 20 rules are allowed.
- Rules can have the same action.
- Identical rules are not forbidden in validations.
When rules are specified, container MUST set RestartPolicy explicitly
even if it matches the Pod's RestartPolicy. |
false |
| securityContext | object |
SecurityContext defines the security options the container should be run with.
If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
false |
| startupProbe | object |
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
This cannot be updated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes |
false |
| stdin | boolean |
Whether this container should allocate a buffer for stdin in the container runtime. If this
is not set, reads from stdin in the container will always result in EOF.
Default is false. |
false |
| stdinOnce | boolean |
Whether the container runtime should close the stdin channel after it has been opened by
a single attach. When stdin is true the stdin stream will remain open across multiple attach
sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
first client attaches to stdin, and then remains open and accepts data until the client disconnects,
at which time stdin is closed and remains closed until the container is restarted. If this
flag is false, a container process that reads from stdin will never receive an EOF.
Default is false. |
false |
| terminationMessagePath | string |
Optional: Path at which the file to which the container's termination message
will be written is mounted into the container's filesystem.
Message written is intended to be brief final status, such as an assertion failure message.
Will be truncated by the node if greater than 4096 bytes. The total message length across
all containers will be limited to 12kb.
Defaults to /dev/termination-log.
Cannot be updated. |
false |
| terminationMessagePolicy | string |
Indicate how the termination message should be populated. File will use the contents of
terminationMessagePath to populate the container status message on both success and failure.
FallbackToLogsOnError will use the last chunk of container log output if the termination
message file is empty and the container exited with an error.
The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
Defaults to File.
Cannot be updated. |
false |
| tty | boolean |
Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
Default is false. |
false |
| volumeDevices | []object |
volumeDevices is the list of block devices to be used by the container. |
false |
| volumeMounts | []object |
Pod volumes to mount into the container's filesystem.
Cannot be updated. |
false |
| workingDir | string |
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
Cannot be updated. |
false |
EnvVar represents an environment variable present in a Container.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable.
May consist of any printable ASCII characters except '='. |
true |
| value | string |
Variable references |
false |
| valueFrom | object |
Source for the environment variable's value. Cannot be used if value is not empty. |
false |
Source for the environment variable's value. Cannot be used if value is not empty.
| Name | Type | Description | Required |
|---|---|---|---|
| configMapKeyRef | object |
Selects a key of a ConfigMap. |
false |
| fieldRef | object |
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. |
false |
| fileKeyRef | object |
FileKeyRef selects a key of the env file.
Requires the EnvFiles feature gate to be enabled. |
false |
| resourceFieldRef | object |
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. |
false |
| secretKeyRef | object |
Selects a key of a secret in the pod's namespace |
false |
Selects a key of a ConfigMap.
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key to select. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the ConfigMap or its key must be defined |
false |
Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'],
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
| Name | Type | Description | Required |
|---|---|---|---|
| fieldPath | string |
Path of the field to select in the specified API version. |
true |
| apiVersion | string |
Version of the schema the FieldPath is written in terms of, defaults to "v1". |
false |
FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key within the env file. An invalid key will prevent the pod from starting.
The keys defined within a source may consist of any printable ASCII characters except '='.
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. |
true |
| path | string |
The path within the volume from which to select the file.
Must be relative and may not contain the '..' path or start with '..'. |
true |
| volumeName | string |
The name of the volume mount containing the env file. |
true |
| optional | boolean |
Specify whether the file or its key must be defined. If the file or key
does not exist, then the env var is not published.
If optional is set to true and the specified key does not exist,
the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist,
an error will be returned during Pod creation. |
false |
Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| resource | string |
Required: resource to select |
true |
| containerName | string |
Container name: required for volumes, optional for env vars |
false |
| divisor | int or string |
Specifies the output format of the exposed resources, defaults to "1" |
false |
Selects a key of a secret in the pod's namespace
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
The key of the secret to select from. Must be a valid secret key. |
true |
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the Secret or its key must be defined |
false |
EnvFromSource represents the source of a set of ConfigMaps or Secrets
| Name | Type | Description | Required |
|---|---|---|---|
| configMapRef | object |
The ConfigMap to select from |
false |
| prefix | string |
Optional text to prepend to the name of each environment variable.
May consist of any printable ASCII characters except '='. |
false |
| secretRef | object |
The Secret to select from |
false |
The ConfigMap to select from
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the ConfigMap must be defined |
false |
The Secret to select from
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default: |
false |
| optional | boolean |
Specify whether the Secret must be defined |
false |
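The precedence rules stated for `envFrom` and `env` above (last source wins, an `env` entry overrides any source, `prefix` is prepended to each key), as an added Go example that is not code from the operator or from Kubernetes. It merges the sources in list order and records which origin each winning value shadowed, which is what a reviewer needs in order to see whether a ConfigMap or Secret silently replaces another value. The types, the sample names, and the choice to return an error for an invalid name or a missing non-optional referent are assumptions of this example.

```go
package main

import "fmt"

// Source models one envFrom entry (configMapRef or secretRef) after its
// referent was looked up. Type and field names are hypothetical.
type Source struct {
	Ref      string            // label used in reports, e.g. "configmap/defaults"
	Prefix   string            // envFrom[].prefix
	Optional bool              // configMapRef.optional / secretRef.optional
	Data     map[string]string // nil: the referent does not exist
}

// EnvVar models one env entry that carries a literal value.
type EnvVar struct{ Name, Value string }

// Resolved is the effective value of a variable and where it came from.
type Resolved struct {
	Value    string
	Origin   string
	Shadowed []string // origins whose value for this name was overridden
}

// validName applies the rule quoted in the tables: printable ASCII, no '='.
// Rejecting the empty name is an assumption of this example.
func validName(n string) bool {
	for i := 0; i < len(n); i++ {
		if c := n[i]; c < 0x20 || c > 0x7e || c == '=' {
			return false
		}
	}
	return n != ""
}

// ResolveEnv merges envFrom sources in list order (last source wins) and
// then applies env entries, which override any envFrom value.
func ResolveEnv(sources []Source, env []EnvVar) (map[string]Resolved, error) {
	out := map[string]Resolved{}
	set := func(name, value, origin string) error {
		if !validName(name) {
			return fmt.Errorf("%s: invalid variable name %q", origin, name)
		}
		r := Resolved{Value: value, Origin: origin}
		if prev, ok := out[name]; ok {
			r.Shadowed = append(append([]string{}, prev.Shadowed...), prev.Origin)
		}
		out[name] = r
		return nil
	}
	for _, s := range sources {
		if s.Data == nil {
			if s.Optional {
				continue // optional referent that is absent contributes nothing
			}
			return nil, fmt.Errorf("%s: referent missing and not optional", s.Ref)
		}
		for k, v := range s.Data {
			if err := set(s.Prefix+k, v, s.Ref); err != nil {
				return nil, err
			}
		}
	}
	for _, e := range env {
		if err := set(e.Name, e.Value, "env"); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// SampleSources and SampleEnv are constructed input, not taken from a cluster.
func SampleSources() []Source {
	return []Source{
		{Ref: "configmap/defaults", Data: map[string]string{
			"LOG_LEVEL": "info", "HTTP_PROXY": "http://proxy.example:3128"}},
		{Ref: "secret/overrides", Data: map[string]string{
			"HTTP_PROXY": "http://other.example:8080"}},
		{Ref: "configmap/agent", Prefix: "IPA_", Data: map[string]string{"LOG_LEVEL": "warn"}},
		{Ref: "configmap/absent", Optional: true}, // missing but optional
	}
}

func SampleEnv() []EnvVar { return []EnvVar{{"LOG_LEVEL", "debug"}} }

func main() {
	res, err := ResolveEnv(SampleSources(), SampleEnv())
	if err != nil {
		panic(err)
	}
	for _, n := range []string{"HTTP_PROXY", "IPA_LOG_LEVEL", "LOG_LEVEL"} {
		fmt.Printf("%s=%q from %s, shadows %v\n", n, res[n].Value, res[n].Origin, res[n].Shadowed)
	}
}
```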
Actions that the management system should take in response to container lifecycle events. Cannot be updated.
| Name | Type | Description | Required |
|---|---|---|---|
| postStart | object |
PostStart is called immediately after a container is created. If the handler fails,
the container is terminated and restarted according to its restart policy.
Other management of the container blocks until the hook completes.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
false |
| preStop | object |
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The Pod's termination grace period countdown begins before the
PreStop hook is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period (unless delayed by finalizers). Other management of the container blocks until the hook completes
or until the termination grace period is reached.
More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks |
false |
| stopSignal | string |
StopSignal defines which signal will be sent to a container when it is being stopped.
If not specified, the default is defined by the container runtime in use.
StopSignal can only be set for Pods with a non-empty .spec.os.name |
false |
PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
| Name | Type | Description | Required |
|---|---|---|---|
| exec | object |
Exec specifies a command to execute in the container. |
false |
| httpGet | object |
HTTPGet specifies an HTTP GET request to perform. |
false |
| sleep | object |
Sleep represents a duration that the container should sleep. |
false |
| tcpSocket | object |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for backward compatibility. There is no validation of this field and
lifecycle hooks will fail at runtime when it is specified. |
false |
Exec specifies a command to execute in the container.
| Name | Type | Description | Required |
|---|---|---|---|
| command | []string |
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
false |
HTTPGet specifies an HTTP GET request to perform.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead. |
false |
| httpHeaders | []object |
Custom headers to set in the request. HTTP allows repeated headers. |
false |
| path | string |
Path to access on the HTTP server. |
false |
| scheme | string |
Scheme to use for connecting to the host.
Defaults to HTTP. |
false |
HTTPHeader describes a custom header to be used in HTTP probes
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header. |
true |
| value | string |
The header field value |
true |
Sleep represents a duration that the container should sleep.
| Name | Type | Description | Required |
|---|---|---|---|
| seconds | integer |
Seconds is the number of seconds to sleep. Format: int64 |
true |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |
PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
| Name | Type | Description | Required |
|---|---|---|---|
| exec | object |
Exec specifies a command to execute in the container. |
false |
| httpGet | object |
HTTPGet specifies an HTTP GET request to perform. |
false |
| sleep | object |
Sleep represents a duration that the container should sleep. |
false |
| tcpSocket | object |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
for backward compatibility. There is no validation of this field and
lifecycle hooks will fail at runtime when it is specified. |
false |
Exec specifies a command to execute in the container.
| Name | Type | Description | Required |
|---|---|---|---|
| command | []string |
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
false |
HTTPGet specifies an HTTP GET request to perform.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead. |
false |
| httpHeaders | []object |
Custom headers to set in the request. HTTP allows repeated headers. |
false |
| path | string |
Path to access on the HTTP server. |
false |
| scheme | string |
Scheme to use for connecting to the host.
Defaults to HTTP. |
false |
HTTPHeader describes a custom header to be used in HTTP probes
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header. |
true |
| value | string |
The header field value |
true |
Sleep represents a duration that the container should sleep.
| Name | Type | Description | Required |
|---|---|---|---|
| seconds | integer |
Seconds is the number of seconds to sleep. Format: int64 |
true |
Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |
Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
| Name | Type | Description | Required |
|---|---|---|---|
| exec | object |
Exec specifies a command to execute in the container. |
false |
| failureThreshold | integer |
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. Format: int32 |
false |
| grpc | object |
GRPC specifies a GRPC HealthCheckRequest. |
false |
| httpGet | object |
HTTPGet specifies an HTTP GET request to perform. |
false |
| initialDelaySeconds | integer |
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
| periodSeconds | integer |
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. Format: int32 |
false |
| successThreshold | integer |
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 |
false |
| tcpSocket | object |
TCPSocket specifies a connection to a TCP port. |
false |
| terminationGracePeriodSeconds | integer |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 |
false |
| timeoutSeconds | integer |
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
Exec specifies a command to execute in the container.
| Name | Type | Description | Required |
|---|---|---|---|
| command | []string |
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
false |
GRPC specifies a GRPC HealthCheckRequest.
| Name | Type | Description | Required |
|---|---|---|---|
| port | integer |
Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 |
true |
| service | string |
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC. |
false |
HTTPGet specifies an HTTP GET request to perform.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead. |
false |
| httpHeaders | []object |
Custom headers to set in the request. HTTP allows repeated headers. |
false |
| path | string |
Path to access on the HTTP server. |
false |
| scheme | string |
Scheme to use for connecting to the host.
Defaults to HTTP. |
false |
HTTPHeader describes a custom header to be used in HTTP probes
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header. |
true |
| value | string |
The header field value |
true |
TCPSocket specifies a connection to a TCP port.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |
ContainerPort represents a network port in a single container.
| Name | Type | Description | Required |
|---|---|---|---|
| containerPort | integer |
Number of port to expose on the pod's IP address.
This must be a valid port number, 0 < x < 65536. Format: int32 |
true |
| hostIP | string |
What host IP to bind the external port to. |
false |
| hostPort | integer |
Number of port to expose on the host.
If specified, this must be a valid port number, 0 < x < 65536.
If HostNetwork is specified, this must match ContainerPort.
Most containers do not need this. Format: int32 |
false |
| name | string |
If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
named port in a pod must have a unique name. Name for the port that can be
referred to by services. |
false |
| protocol | string |
Protocol for port. Must be UDP, TCP, or SCTP.
Defaults to "TCP". Default: TCP |
false |
Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
| Name | Type | Description | Required |
|---|---|---|---|
| exec | object |
Exec specifies a command to execute in the container. |
false |
| failureThreshold | integer |
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. Format: int32 |
false |
| grpc | object |
GRPC specifies a GRPC HealthCheckRequest. |
false |
| httpGet | object |
HTTPGet specifies an HTTP GET request to perform. |
false |
| initialDelaySeconds | integer |
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
| periodSeconds | integer |
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1. Format: int32 |
false |
| successThreshold | integer |
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 |
false |
| tcpSocket | object |
TCPSocket specifies a connection to a TCP port. |
false |
| terminationGracePeriodSeconds | integer |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 |
false |
| timeoutSeconds | integer |
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
Exec specifies a command to execute in the container.
| Name | Type | Description | Required |
|---|---|---|---|
| command | []string |
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
false |
GRPC specifies a GRPC HealthCheckRequest.
| Name | Type | Description | Required |
|---|---|---|---|
| port | integer |
Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 |
true |
| service | string |
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC. |
false |
HTTPGet specifies an HTTP GET request to perform.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead. |
false |
| httpHeaders | []object |
Custom headers to set in the request. HTTP allows repeated headers. |
false |
| path | string |
Path to access on the HTTP server. |
false |
| scheme | string |
Scheme to use for connecting to the host.
Defaults to HTTP. |
false |
HTTPHeader describes a custom header to be used in HTTP probes
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header. |
true |
| value | string |
The header field value |
true |
TCPSocket specifies a connection to a TCP port.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |
ContainerResizePolicy represents resource resize policy for the container.
| Name | Type | Description | Required |
|---|---|---|---|
| resourceName | string |
Name of the resource to which this resource resize policy applies.
Supported values: cpu, memory. |
true |
| restartPolicy | string |
Restart policy to apply when specified resource is resized.
If not specified, it defaults to NotRequired. |
true |
Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
| Name | Type | Description | Required |
|---|---|---|---|
| claims | []object |
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. |
false |
| limits | map[string]int or string |
Limits describes the maximum amount of compute resources allowed.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
| requests | map[string]int or string |
Requests describes the minimum amount of compute resources required.
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
otherwise to an implementation-defined value. Requests cannot exceed Limits.
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
false |
ResourceClaim references one entry in PodSpec.ResourceClaims.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container. |
true |
| request | string |
Request is the name chosen for a request in the referenced claim.
If empty, everything from the claim is made available, otherwise
only the result of this request. |
false |
ContainerRestartRule describes how a container exit is handled.
| Name | Type | Description | Required |
|---|---|---|---|
| action | string |
Specifies the action taken on a container exit if the requirements
are satisfied. The only possible value is "Restart" to restart the
container. |
true |
| exitCodes | object |
Represents the exit codes to check on container exits. |
false |
Represents the exit codes to check on container exits.
| Name | Type | Description | Required |
|---|---|---|---|
| operator | string |
Represents the relationship between the container exit code(s) and the
specified values. Possible values are:
- In: the requirement is satisfied if the container exit code is in the
set of specified values.
- NotIn: the requirement is satisfied if the container exit code is
not in the set of specified values. |
true |
| values | []integer |
Specifies the set of values to check for container exit codes.
At most 255 elements are allowed. |
false |
SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
| Name | Type | Description | Required |
|---|---|---|---|
| allowPrivilegeEscalation | boolean |
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is always true when the container:
1) is run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows. |
false |
| appArmorProfile | object |
appArmorProfile is the AppArmor options to use by this container. If set, this profile
overrides the pod's appArmorProfile.
Note that this field cannot be set when spec.os.name is windows. |
false |
| capabilities | object |
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows. |
false |
| privileged | boolean |
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows. |
false |
| procMount | string |
procMount denotes the type of proc mount to use for the containers.
The default value is Default which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows. |
false |
| readOnlyRootFilesystem | boolean |
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows. |
false |
| runAsGroup | integer |
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows. Format: int64 |
false |
| runAsNonRoot | boolean |
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence. |
false |
| runAsUser | integer |
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows. Format: int64 |
false |
| seLinuxOptions | object |
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows. |
false |
| seccompProfile | object |
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows. |
false |
| windowsOptions | object |
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux. |
false |
appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
type indicates which kind of AppArmor profile will be applied.
Valid options are:
Localhost - a profile pre-loaded on the node.
RuntimeDefault - the container runtime's default profile.
Unconfined - no AppArmor enforcement. |
true |
| localhostProfile | string |
localhostProfile indicates a profile loaded on the node that should be used.
The profile must be preconfigured on the node to work.
Must match the loaded name of the profile.
Must be set if and only if type is "Localhost". |
false |
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
| Name | Type | Description | Required |
|---|---|---|---|
| add | []string |
Added capabilities |
false |
| drop | []string |
Removed capabilities |
false |
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
| Name | Type | Description | Required |
|---|---|---|---|
| level | string |
Level is a SELinux level label that applies to the container. |
false |
| role | string |
Role is a SELinux role label that applies to the container. |
false |
| type | string |
Type is a SELinux type label that applies to the container. |
false |
| user | string |
User is a SELinux user label that applies to the container. |
false |
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied. |
true |
| localhostProfile | string |
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must be set if type is "Localhost". Must NOT be set for any other type. |
false |
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
| Name | Type | Description | Required |
|---|---|---|---|
| gmsaCredentialSpec | string |
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field. |
false |
| gmsaCredentialSpecName | string |
GMSACredentialSpecName is the name of the GMSA credential spec to use. |
false |
| hostProcess | boolean |
HostProcess determines if a container should be run as a 'Host Process' container.
All of a Pod's containers must have the same effective HostProcess value
(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
In addition, if HostProcess is true then HostNetwork must also be set to true. |
false |
| runAsUserName | string |
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence. |
false |
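The SecurityContext tables above state several cross-field rules (localhostProfile only with type Localhost, Linux-only versus Windows-only fields, allowPrivilegeEscalation under privileged mode, hostProcess requiring HostNetwork). The following check is an added example, not code from the operator or from Kubernetes; `check_security_context`, its parameters and the sample contexts are names and values constructed for this sketch.

```python
# Added example: check one container securityContext against the cross-field
# rules stated in the tables above. Function and parameter names are
# hypothetical; the sample contexts at the bottom are constructed.

LINUX_ONLY = ("allowPrivilegeEscalation", "appArmorProfile", "capabilities",
              "privileged", "procMount", "readOnlyRootFilesystem", "runAsGroup",
              "runAsUser", "seLinuxOptions", "seccompProfile")
PROFILE_TYPES = ("Localhost", "RuntimeDefault", "Unconfined")


def check_profile(field, profile, problems):
    """type / localhostProfile pairing shared by appArmorProfile and seccompProfile."""
    ptype = profile.get("type")
    local = profile.get("localhostProfile")
    if ptype not in PROFILE_TYPES:
        problems.append(field + ".type: not one of " + ", ".join(PROFILE_TYPES))
    elif ptype == "Localhost" and not local:
        problems.append(field + ".localhostProfile: required for type Localhost")
    elif ptype != "Localhost" and local is not None:
        problems.append(field + ".localhostProfile: only allowed for type Localhost")
    # seccomp only: path is relative to the kubelet's seccomp profile location.
    if field == "seccompProfile" and local:
        if local.startswith("/") or ".." in local.split("/"):
            problems.append(field + ".localhostProfile: must be a descending relative path")


def check_security_context(sc, os_name="linux", host_network=False):
    """Return a list of rule violations for one container securityContext."""
    problems = []
    if os_name == "windows":
        problems += [f + ": cannot be set when spec.os.name is windows"
                     for f in LINUX_ONLY if f in sc]
    elif os_name == "linux" and "windowsOptions" in sc:
        problems.append("windowsOptions: cannot be set when spec.os.name is linux")

    for field in ("appArmorProfile", "seccompProfile"):
        if field in sc:
            check_profile(field, sc[field] or {}, problems)

    # Assumption: accept the capability with or without the CAP_ prefix.
    added = (sc.get("capabilities") or {}).get("add") or []
    elevated = sc.get("privileged") or "CAP_SYS_ADMIN" in added or "SYS_ADMIN" in added
    if sc.get("allowPrivilegeEscalation") is False and elevated:
        problems.append("allowPrivilegeEscalation: always true for privileged "
                        "or CAP_SYS_ADMIN containers")

    win = sc.get("windowsOptions") or {}
    if win.get("hostProcess") and not host_network:
        problems.append("windowsOptions.hostProcess: requires HostNetwork to be true")
    return problems


# Constructed sample inputs.
SAMPLE_HARDENED = {
    "allowPrivilegeEscalation": False,
    "runAsNonRoot": True,
    "readOnlyRootFilesystem": True,
    "capabilities": {"drop": ["ALL"]},
    "seccompProfile": {"type": "RuntimeDefault"},
}
SAMPLE_WEAK = {
    "privileged": True,
    "allowPrivilegeEscalation": False,
    "appArmorProfile": {"type": "RuntimeDefault", "localhostProfile": "x"},
    "seccompProfile": {"type": "Localhost"},
}

if __name__ == "__main__":
    for name, sc in (("hardened", SAMPLE_HARDENED), ("weak", SAMPLE_WEAK)):
        print(name, check_security_context(sc))
```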
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
| Name | Type | Description | Required |
|---|---|---|---|
| exec | object |
Exec specifies a command to execute in the container. |
false |
| failureThreshold | integer |
Minimum consecutive failures for the probe to be considered failed after having succeeded.
Defaults to 3. Minimum value is 1. Format: int32 |
false |
| grpc | object |
GRPC specifies a GRPC HealthCheckRequest. |
false |
| httpGet | object |
HTTPGet specifies an HTTP GET request to perform. |
false |
| initialDelaySeconds | integer |
Number of seconds after the container has started before liveness probes are initiated.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
| periodSeconds | integer |
How often (in seconds) to perform the probe.
Defaults to 10 seconds. Minimum value is 1. Format: int32 |
false |
| successThreshold | integer |
Minimum consecutive successes for the probe to be considered successful after having failed.
Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. Format: int32 |
false |
| tcpSocket | object |
TCPSocket specifies a connection to a TCP port. |
false |
| terminationGracePeriodSeconds | integer |
Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
The grace period is the duration in seconds after the processes running in the pod are sent
a termination signal and the time when the processes are forcibly halted with a kill signal.
Set this value longer than the expected cleanup time for your process.
If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
value overrides the value provided by the pod spec.
Value must be non-negative integer. The value zero indicates stop immediately via
the kill signal (no opportunity to shut down).
This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. Format: int64 |
false |
| timeoutSeconds | integer |
Number of seconds after which the probe times out.
Defaults to 1 second. Minimum value is 1.
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes Format: int32 |
false |
Exec specifies a command to execute in the container.
| Name | Type | Description | Required |
|---|---|---|---|
| command | []string |
Command is the command line to execute inside the container, the working directory for the
command is root ('/') in the container's filesystem. The command is simply exec'd, it is
not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
a shell, you need to explicitly call out to that shell.
Exit status of 0 is treated as live/healthy and non-zero is unhealthy. |
false |
GRPC specifies a GRPC HealthCheckRequest.
| Name | Type | Description | Required |
|---|---|---|---|
| port | integer |
Port number of the gRPC service. Number must be in the range 1 to 65535. Format: int32 |
true |
| service | string |
Service is the name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC. |
false |
HTTPGet specifies an HTTP GET request to perform.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Name or number of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Host name to connect to, defaults to the pod IP. You probably want to set
"Host" in httpHeaders instead. |
false |
| httpHeaders | []object |
Custom headers to set in the request. HTTP allows repeated headers. |
false |
| path | string |
Path to access on the HTTP server. |
false |
| scheme | string |
Scheme to use for connecting to the host.
Defaults to HTTP. |
false |
HTTPHeader describes a custom header to be used in HTTP probes.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
The header field name.
This will be canonicalized upon output, so case-variant names will be understood as the same header. |
true |
| value | string |
The header field value |
true |
TCPSocket specifies a connection to a TCP port.
| Name | Type | Description | Required |
|---|---|---|---|
| port | int or string |
Number or name of the port to access on the container.
Number must be in the range 1 to 65535.
Name must be an IANA_SVC_NAME. |
true |
| host | string |
Optional: Host name to connect to, defaults to the pod IP. |
false |
volumeDevice describes a mapping of a raw block device within a container.
| Name | Type | Description | Required |
|---|---|---|---|
| devicePath | string |
devicePath is the path inside of the container that the device will be mapped to. |
true |
| name | string |
name must match the name of a persistentVolumeClaim in the pod |
true |
VolumeMount describes a mounting of a Volume within a container.
| Name | Type | Description | Required |
|---|---|---|---|
| mountPath | string |
Path within the container at which the volume should be mounted. Must
not contain ':'. |
true |
| name | string |
This must match the Name of a Volume. |
true |
| mountPropagation | string |
mountPropagation determines how mounts are propagated from the host
to container and the other way around.
When not set, MountPropagationNone is used.
This field is beta in 1.10.
When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
(which defaults to None). |
false |
| readOnly | boolean |
Mounted read-only if true, read-write otherwise (false or unspecified).
Defaults to false. |
false |
| recursiveReadOnly | string |
RecursiveReadOnly specifies whether read-only mounts should be handled
recursively.
If ReadOnly is false, this field has no meaning and must be unspecified. If ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason. If this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None). If this field is not specified, it is treated as an equivalent of Disabled. |
false |
| subPath | string |
Path within the volume from which the container's volume should be mounted.
Defaults to "" (volume's root). |
false |
| subPathExpr | string |
Expanded path within the volume from which the container's volume should be mounted.
Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
Defaults to "" (volume's root).
SubPathExpr and SubPath are mutually exclusive. |
false |
PrometheusExporter configures sensor data collection and Prometheus metrics export. When enabled, this configures Ironic to collect sensor data and deploys the ironic-prometheus-exporter container.
| Name | Type | Description | Required |
|---|---|---|---|
| enabled | boolean |
Enabled controls whether sensor data collection and metrics export are active.
When true, configures Ironic to collect sensor data and deploys the
ironic-prometheus-exporter container. |
true |
| disableServiceMonitor | boolean |
DisableServiceMonitor controls whether a ServiceMonitor resource is created.
Set to true if your cluster does not have prometheus-operator installed,
or when you want to run the exporter but manage Prometheus configuration manually.
Must be set to true for a highly available deployment. In this case, every replica
provides different metrics, which must be aggregated on the consumer side. |
false |
| sensorCollectionInterval | integer |
SensorCollectionInterval defines how often (in seconds) sensor data
is collected from BMCs using Ironic. Must be at least 60 seconds. Default: 60 Minimum: 60 |
false |
TLS defines TLS-related settings for various network interactions.
| Name | Type | Description | Required |
|---|---|---|---|
| bmcCA | object |
BMCCA is a reference to a ConfigMap or Secret containing the CA certificate(s)
to use when validating TLS connections to BMCs.
Supported in Ironic 32.0 or newer. |
false |
| bmcCAName | string |
BMCCAName is a reference to the secret with the CA certificate(s)
to use when validating TLS connections to BMCs.
Supported in Ironic 32.0 or newer.
Deprecated: Use BMCCA instead. This field will be removed in a future release. |
false |
| certificateName | string |
CertificateName is a reference to the secret with the TLS certificate.
Must contain both the certificate and the private key parts. |
false |
| disableVirtualMediaTLS | boolean |
DisableVirtualMediaTLS turns off TLS on the virtual media server,
which may be required for hardware that cannot accept HTTPS links. |
false |
| insecureRPC | boolean |
InsecureRPC disables TLS validation for the internal RPC.
Without it, the certificate must be valid for all IP addresses on
which Ironic replicas may end up running.
Has no effect when HighAvailability is false and requires the
HighAvailability feature gate to be set. |
false |
| trustedCA | object |
TrustedCA is a reference to a ConfigMap or Secret containing the CA certificate(s)
to use when validating TLS connections to image servers and other services.
The resource should contain one or more CA certificates in PEM format. |
false |
| trustedCAName | string |
TrustedCAName is a reference to the configmap with the CA certificate(s)
to use when validating TLS connections to image servers and other services.
The configmap should contain one or more CA certificates in PEM format.
If the configmap contains multiple keys, only the first key will be used and
a warning will be logged.
Deprecated: Use TrustedCA instead. This field will be removed in a future release. |
false |
BMCCA is a reference to a ConfigMap or Secret containing the CA certificate(s) to use when validating TLS connections to BMCs. Supported in Ironic 32.0 or newer.
| Name | Type | Description | Required |
|---|---|---|---|
| kind | enum |
Kind of the resource (ConfigMap or Secret). Enum: ConfigMap, Secret |
true |
| name | string |
Name of the resource. |
true |
TrustedCA is a reference to a ConfigMap or Secret containing the CA certificate(s) to use when validating TLS connections to image servers and other services. The resource should contain one or more CA certificates in PEM format.
| Name | Type | Description | Required |
|---|---|---|---|
| kind | enum |
Kind of the resource (ConfigMap or Secret). Enum: ConfigMap, Secret |
true |
| name | string |
Name of the resource. |
true |
| key | string |
Key within the resource to use. If not specified and the resource contains multiple keys,
the first key will be used and a warning will be logged for other keys. |
false |
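The TLS, BMCCA and TrustedCA tables above mix settings that weaken transport security (disableVirtualMediaTLS, insecureRPC) with deprecated fields and typed references. The following audit is an added example, not code from the operator; it assumes the TLS block sits at `spec.tls`, and `audit_tls`, the severity labels and both sample manifests are constructed for this sketch.

```python
# Added example: audit the TLS block of an Ironic resource against the field
# descriptions on this page. Assumption: the block is located at spec.tls.

DEPRECATED = {"bmcCAName": "bmcCA", "trustedCAName": "trustedCA"}
REF_KINDS = ("ConfigMap", "Secret")  # enum listed for bmcCA.kind / trustedCA.kind


def check_ref(field, ref, findings):
    """Validate a {kind, name[, key]} reference such as bmcCA or trustedCA."""
    if ref.get("kind") not in REF_KINDS:
        findings.append(("error", field + ".kind", "must be ConfigMap or Secret"))
    if not ref.get("name"):
        findings.append(("error", field + ".name", "required"))
    # Only trustedCA documents a key field.
    if field == "trustedCA" and not ref.get("key"):
        findings.append(("info", "trustedCA.key",
                         "unset: with multiple keys only the first is used"))


def audit_tls(ironic):
    """Return (severity, field, message) findings for one Ironic manifest."""
    spec = ironic.get("spec") or {}
    tls = spec.get("tls") or {}
    findings = []

    for old, new in DEPRECATED.items():
        if old in tls:
            findings.append(("warn", old, "deprecated, use " + new + " instead"))
    for field in ("bmcCA", "trustedCA"):
        if field in tls:
            check_ref(field, tls[field] or {}, findings)

    if tls.get("disableVirtualMediaTLS"):
        findings.append(("warn", "disableVirtualMediaTLS",
                         "virtual media server runs without TLS"))
    if tls.get("insecureRPC"):
        if spec.get("highAvailability"):
            findings.append(("warn", "insecureRPC",
                             "TLS validation is disabled for the internal RPC"))
        else:
            findings.append(("info", "insecureRPC",
                             "has no effect when highAvailability is false"))
    return findings


# Constructed sample manifests (names are placeholders).
WEAK = {
    "apiVersion": "ironic.metal3.io/v1alpha1",
    "kind": "Ironic",
    "metadata": {"name": "ironic-sample"},
    "spec": {"highAvailability": False, "tls": {
        "certificateName": "ironic-tls",
        "bmcCAName": "bmc-ca",
        "trustedCA": {"kind": "ConfigMap", "name": "image-ca"},
        "disableVirtualMediaTLS": True,
        "insecureRPC": True,
    }},
}
HARDENED = {
    "apiVersion": "ironic.metal3.io/v1alpha1",
    "kind": "Ironic",
    "metadata": {"name": "ironic-sample"},
    "spec": {"tls": {
        "certificateName": "ironic-tls",
        "bmcCA": {"kind": "Secret", "name": "bmc-ca"},
        "trustedCA": {"kind": "ConfigMap", "name": "image-ca", "key": "ca.crt"},
    }},
}

if __name__ == "__main__":
    for severity, field, message in audit_tls(WEAK):
        print(severity, field, message)
```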
IronicStatus defines the observed state of Ironic.
| Name | Type | Description | Required |
|---|---|---|---|
| conditions | []object |
Conditions describe the state of the Ironic deployment. |
false |
| installedVersion | string |
InstalledVersion identifies which version of Ironic was installed. |
false |
| requestedVersion | string |
RequestedVersion identifies which version of Ironic was last requested. |
false |
Condition contains details for one aspect of the current state of this API Resource.
| Name | Type | Description | Required |
|---|---|---|---|
| lastTransitionTime | string |
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time |
true |
| message | string |
message is a human readable message indicating details about the transition.
This may be an empty string. |
true |
| reason | string |
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty. |
true |
| status | enum |
status of the condition, one of True, False, Unknown. Enum: True, False, Unknown |
true |
| type | string |
type of condition in CamelCase or in foo.example.com/CamelCase. |
true |
| observedGeneration | integer |
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance. Format: int64 Minimum: 0 |
false |