Readonly admin, Readonly api, Readonly api, Readonly asgi, Readonly celery, Readonly celery, Readonly celery, Readonly config, Readonly ingress, Optional Readonly namespace, Readonly namespace, Readonly node
The tree node.
Optional Readonly sync, Optional Readonly sync, Readonly wsgi, Static backend, Static default
Returns all the included API objects.
Labels applied to all resources in this chart.
This is an immutable copy.
Create a dependency between this Chart and other constructs. These can be other ApiObjects, Charts, or custom.
the dependencies to add.
Generates an app-unique name for an object given its construct node path.
Different resource types may have different constraints on names
(metadata.name). The previous version of the name generator was
compatible with DNS_SUBDOMAIN but not with DNS_LABEL.
For example, Deployment names must comply with DNS_SUBDOMAIN while
Service names must comply with DNS_LABEL.
Since there is no formal specification for this, the default name generation scheme for kubernetes objects in cdk8s was changed to DNS_LABEL, since it’s the common denominator for all kubernetes resources (supposedly).
You can override this method if you wish to customize object names at the chart level.
The API object to generate a name for.
Renders this chart to a set of Kubernetes JSON resources.
array of resource manifests
Returns a string representation of this construct.
Static [has Internal
Implements instanceof Chart using the more reliable Chart.isChart static method
The object to check
Static is
Return whether the given object is a Chart.
We do attribute detection since we can't reliably use 'instanceof'.
Static is
Checks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof and to use
this type-testing method instead.
Any object
true if x is an object created from a class which extends Construct.
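The failure mode described above, reproduced without any dependency (an added example, not code from the constructs library). `loadConstructsCopy` and the marker name `example.Construct` are constructed for the illustration; each call stands in for one on-disk copy of the library.

```javascript
// Each call re-evaluates the class definition, the way Node evaluates a module
// once per resolved path. Two calls therefore model two installed copies.
function loadConstructsCopy() {
  // Symbol.for() reads the global symbol registry, which is shared by every
  // copy in the process. The key name is constructed for this example.
  const MARKER = Symbol.for('example.Construct');

  class Construct {
    constructor(id) {
      this.id = id;
      // Non-enumerable marker attribute used for detection.
      Object.defineProperty(this, MARKER, { value: true });
    }

    // Attribute detection: works no matter which copy created x.
    static isConstruct(x) {
      return x !== null && typeof x === 'object' && MARKER in x;
    }
  }

  return { Construct };
}

const copyA = loadConstructsCopy();
const copyB = loadConstructsCopy();

function compareChecks() {
  const node = new copyA.Construct('web');
  // Any object can carry the marker, so the check identifies a shape,
  // not a trusted origin.
  const lookalike = { [Symbol.for('example.Construct')]: true };

  return {
    sameCopyInstanceof: node instanceof copyA.Construct,
    crossCopyInstanceof: node instanceof copyB.Construct,
    crossCopyIsConstruct: copyB.Construct.isConstruct(node),
    plainObject: copyB.Construct.isConstruct({ id: 'web' }),
    nullValue: copyB.Construct.isConstruct(null),
    lookalikeObject: copyB.Construct.isConstruct(lookalike),
  };
}

console.log(compareChecks());
```

The last field shows the limit of attribute detection: it is a type test for cooperating code, so it should not be used to validate objects that come from untrusted input.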
Static of
Finds the chart in which a node is defined.
a construct node
Static with
Optional adminWebsocket?: {
Optional Readonly automountServiceAccountToken?: boolean
Indicates whether a service account token should be automatically mounted.
Optional containerDefaults?: {
Optional Readonly args?: string[]
Arguments to the entrypoint. The docker image's CMD is used if command is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.
Cannot be updated.
Optional Readonly command?: string[]
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Optional Readonly envFrom?: EnvFrom[]
List of sources to populate environment variables in the container.
When a key exists in multiple sources, the value associated with
the last source will take precedence. Values defined by the envVariables property
with a duplicate key will take precedence.
Optional Readonly envVariables?: { [key: string]: undefined | { value?: any; valueFrom?: any } }
Environment variables to set in the container.
Optional Readonly image?: string
Docker image name.
Optional Readonly imagePullPolicy?: ImagePullPolicy
Image pull policy for this container
Optional Readonly lifecycle?: {
Describes actions that the management system should take in response to container lifecycle events.
Optional Readonly postStart?: { _toKube?: (cont: ...) => ... }
This hook is executed immediately after a container is created. However, there is no guarantee that the hook will execute before the container ENTRYPOINT.
Optional Readonly preStop?: { _toKube?: (cont: ...) => ... }
This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others. A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod's termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. No parameters are passed to the handler.
Optional Readonly liveness?: { _toKube?: (cont: Container) => Probe }
Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonly name?: string
Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Optional Readonly port?: number
Optional Readonly portNumber?: number
Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
This is a convenience property if all you need is a single TCP numbered port.
In case more advanced configuration is required, use the ports property.
This port is added to the list of ports mentioned in the ports property.
Optional Readonly ports?: ContainerPort[]
List of ports to expose from this container.
Optional Readonly readiness?: { _toKube?: (cont: Container) => Probe }
Determines when the container is ready to serve traffic.
Optional Readonly resources?: {
Compute resources (CPU and memory requests and limits) required by the container
Optional Readonly restartPolicy?: ContainerRestartPolicy
Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion. Currently, the only accepted value is Always.
Optional Readonly securityContext?: {
SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context.
Optional Readonly allowPrivilegeEscalation?: boolean
Whether a process can gain more privileges than its parent process.
Optional Readonly capabilities?: { add?: (...)[]; drop?: (...)[] }
POSIX capabilities for running containers
Optional Readonly add?: (...)[]
Added capabilities
Optional Readonly drop?: (...)[]
Removed capabilities
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly privileged?: boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
Optional Readonly readOnlyRootFilesystem?: boolean
Whether this container has a read-only root filesystem.
Optional Readonly seccompProfile?: { localhostProfile?: string; type?: SeccompProfileType }
Container's seccomp profile settings. Only one profile source may be set
Optional Readonly localhostProfile?: string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
Optional Readonly type?: SeccompProfileType
Indicates which kind of seccomp profile will be applied
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
Optional Readonly startup?: { _toKube?: (cont: Container) => Probe }
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional Readonly volumeMounts?: VolumeMount[]
Pod volumes to mount into the container's filesystem. Cannot be updated.
Optional Readonly workingDir?: string
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Optional Readonly containers?: ContainerProps[]
List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod.
You can add additional containers using podSpec.addContainer()
Optional Readonly dns?: {
DNS settings for the pod.
Optional Readonly hostname?: string
Specifies the hostname of the Pod.
Optional Readonly hostnameAsFQDN?: boolean
If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.
Optional Readonly nameservers?: string[]
A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.
Optional Readonly options?: DnsOption[]
List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.
Optional Readonly policy?: DnsPolicy
Set DNS policy for the pod.
If policy is set to None, other configuration must be supplied.
Optional Readonly searches?: string[]
A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.
Kubernetes allows for at most 6 search domains.
Optional Readonly subdomain?: string
If specified, the fully qualified Pod hostname will be "
Optional Readonly dockerRegistryAuth?: {
A secret containing docker credentials for authenticating to a registry.
Optional Readonly apiGroup?: string
The group portion of the API version (e.g. authorization.k8s.io).
Optional Readonly apiVersion?: string
The object's API version (e.g. "authorization.k8s.io/v1")
Optional envValue?: (key: string, options?: EnvValueFromSecretOptions) => EnvValue
Optional Readonly kind?: string
The object kind (e.g. "Deployment").
Optional Readonly name?: string
The Kubernetes name of this resource.
Optional Readonly node?: {
The tree node.
Optional addDependency?: (...deps: IDependable[]) => void
Optional addMetadata?: (type: string, data: any, options?: MetadataOptions) => void
Optional addr?: string
Optional addValidation?: (validation: IValidation) => void
Optional children?: IConstruct[]
Optional defaultChild?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional dependencies?: IConstruct[]
Optional findAll?: (order?: ConstructOrder) => IConstruct[]
Optional findChild?: (id: string) => IConstruct
Optional getAllContext?: (defaults?: object) => any
Optional getContext?: (key: string) => any
Optional Readonly id?: string
The id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optional lock?: () => void
Optional locked?: boolean
Optional metadata?: MetadataEntry[]
Optional path?: string
Optional root?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional Readonly scope?: {
Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional scopes?: IConstruct[]
Optional setContext?: (key: string, value: any) => void
Optional tryFindChild?: (id: string) => undefined | IConstruct
Optional tryGetContext?: (key: string) => any
Optional tryRemoveChild?: (childName: string) => boolean
Optional validate?: () => string[]
Optional Readonly resourceName?: string
The unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional Readonly resourceType?: string
The name of a resource type as it appears in the relevant API endpoint.
Optional Readonly hostAliases?: HostAlias[]
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
Optional Readonly hostNetwork?: boolean
Host network for the pod.
Optional image?: { pullPolicy?: string; repository?: string; tag?: string }
Optional Readonly initContainers?: ContainerProps[]
List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.
Init containers cannot currently be added, removed or updated.
Optional Readonly isolate?: boolean
Isolates the pod. This will prevent any ingress or egress connections to / from this pod.
You can however allow explicit connections post instantiation by using the .connections property.
Optional Readonly metadata?: {
Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonly annotations?: { [key: string]: undefined | string }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: string[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: string]: undefined | string }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonly podMetadata?: {
The pod metadata of this workload.
Optional Readonly annotations?: { [key: string]: undefined | string }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: string[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: string]: undefined | string }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional probes?: {
Optional Readonly liveness?: { _toKube?: (cont: Container) => Probe }
Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonly readiness?: { _toKube?: (cont: Container) => Probe }
Determines when the container is ready to serve traffic.
Optional Readonly startup?: { _toKube?: (cont: Container) => Probe }
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional replicaCount?: number
Optional resources?: {
Optional Readonly restartPolicy?: RestartPolicy
Restart policy for all containers within the pod.
Optional scaling?: {
Optional Readonly cpuUtilPercent?: number
Optional Readonly hpa?: {
Escape hatch
Optional Readonly maxReplicas?: number
The maximum number of replicas that can be scaled up to.
Optional Readonly metadata?: {
Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonly annotations?: { [key: ...]: ... }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: (...)[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: ...]: ... }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: (...)[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonly metrics?: Metric[]
The metric conditions that trigger a scale up or scale down.
Optional Readonly minReplicas?: number
The minimum number of replicas that can be scaled down to.
Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and
at least one Object or External metric is configured.
Optional Readonly scaleDown?: {
The scaling behavior when scaling down.
Optional Readonly policies?: (...)[]
The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonly strategy?: ScalingStrategy
The strategy to use when scaling.
Optional Readonly scaleUp?: {
The scaling behavior when scaling up.
Optional Readonly policies?: (...)[]
The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonly strategy?: ScalingStrategy
The strategy to use when scaling.
Optional Readonly target?: {
The workload to scale up or down.
Scalable workload types:
Optional hasAutoscaler?: boolean
If this is a target of an autoscaler.
Optional markHasAutoscaler?: () => ...
Optional toScalingTarget?: () => ...
Optional Readonly maxReplicas?: number
Optional Readonly memUtilPercent?: number
Optional Readonly minReplicas?: number
Optional Readonly target?: {
Optional hasAutoscaler?: boolean
If this is a target of an autoscaler.
Optional markHasAutoscaler?: () => void
Optional toScalingTarget?: () => ScalingTarget
Optional Readonly securityContext?: {
SecurityContext holds pod-level security attributes and common container settings.
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly fsGroup?: number
Modify the ownership and permissions of pod volumes to this GID.
Optional Readonly fsGroupChangePolicy?: FsGroupChangePolicy
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly sysctls?: Sysctl[]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
Optional Readonly select?: boolean
Automatically allocates a pod label selector for this workload and adds it to the pod metadata. This ensures this workload manages pods created by its pod template.
Optional Readonly serviceAccount?: {
A service account provides an identity for processes that run in a Pod.
When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
Optional Readonly apiGroup?: string
The group portion of the API version (e.g. authorization.k8s.io).
Optional Readonly apiVersion?: string
The object's API version (e.g. "authorization.k8s.io/v1")
Optional Readonly kind?: string
The object kind (e.g. "Deployment").
Optional Readonly name?: string
The Kubernetes name of this resource.
Optional Readonly node?: {
The tree node.
Optional addDependency?: (...deps: IDependable[]) => void
Optional addMetadata?: (type: string, data: any, options?: MetadataOptions) => void
Optional addr?: string
Optional addValidation?: (validation: IValidation) => void
Optional children?: IConstruct[]
Optional defaultChild?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional dependencies?: IConstruct[]
Optional findAll?: (order?: ConstructOrder) => IConstruct[]
Optional findChild?: (id: string) => IConstruct
Optional getAllContext?: (defaults?: object) => any
Optional getContext?: (key: string) => any
Optional Readonly id?: string
The id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
OptionaltoSubjectConfiguration?: () => SubjectConfigurationOptional ReadonlyshareProcessNamespace?: booleanWhen process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
Optional Readonlyspread?: booleanAutomatically spread pods across hostname and zones.
Optional ReadonlyterminationGracePeriod?: {Grace period until the pod is terminated
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptionalverticalScaling?: { enabled?: boolean; policies?: ContainerPolicy[] }Optional Readonlyvolumes?: Volume[]List of volumes that can be mounted by containers belonging to the pod.
You can also add volumes later using podSpec.addVolume()
Optional apiAppConfig?: {
Optional apiAppSecrets?: {
Optional apiImage?: { pullPolicy?: string; repository?: string; tag?: string }
Optional asgi?: {
Optional Readonly automountServiceAccountToken?: boolean
Indicates whether a service account token should be automatically mounted.
Optional containerDefaults?: {
Optional Readonly args?: string[]
Arguments to the entrypoint. The docker image's CMD is used if command is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.
Cannot be updated.
Optional Readonly command?: string[]
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
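The $(VAR_NAME) rule stated for args and command, as an added TypeScript sketch (not code from this API, cdk8s or Kubernetes). `expandK8sRefs`, `expandArgv` and the environment values are hypothetical and constructed; the sketch also shows that an expanded value stays inside its own argv element, because the entrypoint is not executed within a shell.

```typescript
// Added example: models the $(VAR_NAME) expansion described for `args` and `command`.
// Function names and sample values are constructed for illustration.
type Env = { [name: string]: string };

// Expand references in ONE argv element. This sketch makes a single pass:
// substituted text is not scanned again for further references.
function expandK8sRefs(input: string, env: Env): string {
  let out = "";
  let i = 0;
  while (i < input.length) {
    const ch = input.charAt(i);
    if (ch !== "$" || i + 1 >= input.length) {
      out += ch; // ordinary character, or a trailing "$"
      i += 1;
      continue;
    }
    const next = input.charAt(i + 1);
    if (next === "$") {
      // "$$" is the escape: emit one literal "$" and skip both characters,
      // so "$$(VAR)" becomes the text "$(VAR)" and is never looked up.
      out += "$";
      i += 2;
    } else if (next === "(") {
      const close = input.indexOf(")", i + 2);
      if (close === -1) {
        out += "$("; // unterminated reference: keep it literally
        i += 2;
      } else {
        const name = input.substring(i + 2, close);
        // Own-property check only, so names like "constructor" never resolve
        // to something inherited from Object.prototype.
        const known = Object.prototype.hasOwnProperty.call(env, name);
        // An unresolved reference is left unchanged in the output.
        out += known ? env[name] : "$(" + name + ")";
        i = close + 1;
      }
    } else {
      out += ch; // "$" that does not start a reference
      i += 1;
    }
  }
  return out;
}

// Expand every element of an entrypoint/args array. The array length never
// changes: no word splitting and no shell metacharacter handling take place.
function expandArgv(argv: string[], env: Env): string[] {
  const out: string[] = [];
  for (const element of argv) {
    out.push(expandK8sRefs(element, env));
  }
  return out;
}

// Constructed sample environment.
const SAMPLE_ENV: Env = {
  APP_USER: "svc",
  MSG: "hello world; echo second",
};
```

A value such as `MSG` only becomes shell input if the command itself is a shell invocation (for example an explicit `sh -c` entrypoint), which is the case to look for when reviewing where environment values come from.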
Optional ReadonlyenvFrom?: EnvFrom[]List of sources to populate environment variables in the container.
When a key exists in multiple sources, the value associated with
the last source will take precedence. Values defined by the envVariables property
with a duplicate key will take precedence.
Optional ReadonlyenvVariables?: { [key: string]: undefined | { value?: any; valueFrom?: any } }Environment variables to set in the container.
Optional Readonlyimage?: stringDocker image name.
Optional ReadonlyimagePullPolicy?: ImagePullPolicyImage pull policy for this container
Optional Readonlylifecycle?: {Describes actions that the management system should take in response to container lifecycle events.
Optional ReadonlypostStart?: { _toKube?: (cont: ...) => ... }This hook is executed immediately after a container is created. However, there is no guarantee that the hook will execute before the container ENTRYPOINT.
Optional ReadonlypreStop?: { _toKube?: (cont: ...) => ... }This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others. A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod's termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. No parameters are passed to the handler.
Optional Readonlyliveness?: { _toKube?: (cont: Container) => Probe }Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonlyname?: stringName of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Optional Readonly port?: number
Optional Readonly portNumber?: number
Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
This is a convenience property if all you need is a single TCP numbered port.
In case more advanced configuration is required, use the ports property.
This port is added to the list of ports mentioned in the ports property.
Optional Readonlyports?: ContainerPort[]List of ports to expose from this container.
Optional Readonlyreadiness?: { _toKube?: (cont: Container) => Probe }Determines when the container is ready to serve traffic.
Optional Readonlyresources?: {Compute resources (CPU and memory requests and limits) required by the container
Optional Readonly restartPolicy?: ContainerRestartPolicy
Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion. Currently, the only accepted value is Always.
Optional Readonly securityContext?: {
SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context.
Optional Readonly allowPrivilegeEscalation?: boolean
Whether a process can gain more privileges than its parent process.
Optional Readonly capabilities?: { add?: (...)[]; drop?: (...)[] }
POSIX capabilities for running containers
Optional Readonly add?: (...)[]
Added capabilities
Optional Readonly drop?: (...)[]
Removed capabilities
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly privileged?: boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
Optional Readonly readOnlyRootFilesystem?: boolean
Whether this container has a read-only root filesystem.
Optional Readonly seccompProfile?: { localhostProfile?: string; type?: SeccompProfileType }
Container's seccomp profile settings. Only one profile source may be set
Optional Readonly localhostProfile?: string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
Optional Readonly type?: SeccompProfileType
Indicates which kind of seccomp profile will be applied
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
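An added example, not part of this API or of cdk8s: a check over the array of resource manifests a chart renders to, covering the container and pod security settings documented on this page. `auditPodSecurity`, the rule names and the sample manifests are constructed for illustration, and the sketch assumes ensureNonRoot and user appear in the rendered output as the Kubernetes fields runAsNonRoot and runAsUser.

```typescript
// Added example: audits rendered manifests for the security settings listed here.
// The rule set is a constructed baseline for illustration, not a project policy.
type Obj = { [key: string]: any };

interface Finding {
  resource: string;  // "Kind/name" of the manifest
  container: string; // container name, or "*" for a pod-level setting
  rule: string;      // setting that deviates from the baseline
}

// Locate the pod spec inside the workload kinds this sketch understands
// (Pod, and kinds that embed a pod template under spec.template).
function podSpecOf(manifest: Obj): Obj | undefined {
  const spec: Obj = manifest.spec || {};
  if (manifest.kind === "Pod") return spec;
  if (spec.template && spec.template.spec) return spec.template.spec;
  return undefined;
}

// Container-level securityContext fields override the equivalent pod-level ones.
function effective(pod: Obj, container: Obj, field: string): any {
  const c: Obj = container.securityContext || {};
  const p: Obj = pod.securityContext || {};
  return c[field] !== undefined ? c[field] : p[field];
}

function auditPodSecurity(manifests: Obj[]): Finding[] {
  const findings: Finding[] = [];
  for (const m of manifests) {
    const pod = podSpecOf(m);
    if (!pod) continue; // not a workload (Service, ConfigMap, ...)
    const resource: string = m.kind + "/" + ((m.metadata && m.metadata.name) || "<unnamed>");
    const flag = (container: string, rule: string): void => {
      findings.push({ resource, container, rule });
    };

    // Pod-level settings.
    if (pod.hostNetwork === true) flag("*", "hostNetwork");
    if (pod.shareProcessNamespace === true) flag("*", "shareProcessNamespace");
    if (pod.automountServiceAccountToken !== false) flag("*", "automountServiceAccountToken");

    // Init containers run with the same kind of securityContext, so check both lists.
    const containers: Obj[] = (pod.initContainers || []).concat(pod.containers || []);
    for (const c of containers) {
      const sc: Obj = c.securityContext || {};
      if (sc.privileged === true) flag(c.name, "privileged");
      // Unset is treated as a finding: only an explicit false passes.
      if (sc.allowPrivilegeEscalation !== false) flag(c.name, "allowPrivilegeEscalation");
      if (sc.readOnlyRootFilesystem !== true) flag(c.name, "readOnlyRootFilesystem");
      if (effective(pod, c, "runAsNonRoot") !== true) flag(c.name, "runAsNonRoot");
      if (effective(pod, c, "runAsUser") === 0) flag(c.name, "runAsUser=0");
      const added: string[] = (sc.capabilities && sc.capabilities.add) || [];
      if (added.length > 0) flag(c.name, "capabilities.add");
    }
  }
  return findings;
}

// Constructed sample input in the shape of rendered manifests.
const SAMPLE_MANIFESTS: Obj[] = [
  { kind: "Deployment", metadata: { name: "hardened" }, spec: { template: { spec: {
    automountServiceAccountToken: false,
    securityContext: { runAsNonRoot: true, runAsUser: 1000 },
    containers: [{ name: "app", securityContext: {
      privileged: false, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true } }],
  } } } },
  { kind: "Deployment", metadata: { name: "risky" }, spec: { template: { spec: {
    hostNetwork: true,
    securityContext: { runAsNonRoot: true },
    // The container-level values below override the pod-level runAsNonRoot: true.
    containers: [{ name: "app", securityContext: {
      privileged: true, runAsNonRoot: false, runAsUser: 0,
      capabilities: { add: ["NET_ADMIN"] } } }],
  } } } },
  { kind: "Service", metadata: { name: "svc" }, spec: {} },
];
```

Running such a check on the rendered output in CI catches a container-level override that silently weakens a pod-level default, as in the second sample manifest.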
Optional Readonlystartup?: { _toKube?: (cont: Container) => Probe }StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional ReadonlyvolumeMounts?: VolumeMount[]Pod volumes to mount into the container's filesystem. Cannot be updated.
Optional ReadonlyworkingDir?: stringContainer's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Optional Readonly containers?: ContainerProps[]
List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod.
You can add additional containers using podSpec.addContainer()
Optional Readonlydns?: {DNS settings for the pod.
Optional Readonlyhostname?: stringSpecifies the hostname of the Pod.
Optional ReadonlyhostnameAsFQDN?: booleanIf true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.
Optional Readonlynameservers?: string[]A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.
Optional Readonlyoptions?: DnsOption[]List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.
Optional Readonlypolicy?: DnsPolicySet DNS policy for the pod.
If policy is set to None, other configuration must be supplied.
Optional Readonlysearches?: string[]A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.
Kubernetes allows for at most 6 search domains.
Optional Readonlysubdomain?: stringIf specified, the fully qualified Pod hostname will be "
Optional ReadonlydockerRegistryAuth?: {A secret containing docker credentials for authenticating to a registry.
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
OptionalenvValue?: (key: string, options?: EnvValueFromSecretOptions) => EnvValueOptional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
Optional ReadonlyhostAliases?: HostAlias[]HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
Optional ReadonlyhostNetwork?: booleanHost network for the pod.
Optional image?: { pullPolicy?: string; repository?: string; tag?: string }
Optional Readonly initContainers?: ContainerProps[]
List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.
Init containers cannot currently be added, removed or updated.
Optional Readonlyisolate?: booleanIsolates the pod. This will prevent any ingress or egress connections to / from this pod.
You can however allow explicit connections post instantiation by using the .connections property.
Optional Readonlymetadata?: {Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional ReadonlypodMetadata?: {The pod metadata of this workload.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optionalprobes?: {Optional Readonlyliveness?: { _toKube?: (cont: Container) => Probe }Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonlyreadiness?: { _toKube?: (cont: Container) => Probe }Determines when the container is ready to serve traffic.
Optional Readonlystartup?: { _toKube?: (cont: Container) => Probe }StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
OptionalreplicaCount?: numberOptionalresources?: {Optional ReadonlyrestartPolicy?: RestartPolicyRestart policy for all containers within the pod.
Optionalscaling?: {Optional ReadonlycpuUtilPercent?: numberOptional Readonlyhpa?: {Escape hatch
Optional ReadonlymaxReplicas?: numberThe maximum number of replicas that can be scaled up to.
Optional Readonlymetadata?: {Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonlyannotations?: { [key: ...]: ... }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: (...)[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: ...]: ... }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: (...)[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonlymetrics?: Metric[]The metric conditions that trigger a scale up or scale down.
Optional ReadonlyminReplicas?: numberThe minimum number of replicas that can be scaled down to.
Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and
at least one Object or External metric is configured.
Optional ReadonlyscaleDown?: {The scaling behavior when scaling down.
Optional Readonlypolicies?: (...)[]The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonlystrategy?: ScalingStrategyThe strategy to use when scaling.
Optional ReadonlyscaleUp?: {The scaling behavior when scaling up.
Optional Readonlypolicies?: (...)[]The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonlystrategy?: ScalingStrategyThe strategy to use when scaling.
Optional Readonlytarget?: {The workload to scale up or down.
Scalable workload types:
OptionalhasAutoscaler?: booleanIf this is a target of an autoscaler.
OptionalmarkHasAutoscaler?: () => ...OptionaltoScalingTarget?: () => ...Optional ReadonlymaxReplicas?: numberOptional ReadonlymemUtilPercent?: numberOptional ReadonlyminReplicas?: numberOptional Readonlytarget?: {OptionalhasAutoscaler?: booleanIf this is a target of an autoscaler.
OptionalmarkHasAutoscaler?: () => voidOptionaltoScalingTarget?: () => ScalingTargetOptional ReadonlysecurityContext?: {SecurityContext holds pod-level security attributes and common container settings.
Optional ReadonlyensureNonRoot?: booleanIndicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional ReadonlyfsGroup?: numberModify the ownership and permissions of pod volumes to this GID.
Optional Readonly fsGroupChangePolicy?: FsGroupChangePolicy
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Optional Readonlygroup?: numberThe GID to run the entrypoint of the container process.
Optional Readonlysysctls?: Sysctl[]Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Optional Readonlyuser?: numberThe UID to run the entrypoint of the container process.
Optional Readonly select?: boolean
Automatically allocates a pod label selector for this workload and adds it to the pod metadata. This ensures this workload manages pods created by its pod template.
Optional ReadonlyserviceAccount?: {A service account provides an identity for processes that run in a Pod.
When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
Optional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
OptionaltoSubjectConfiguration?: () => SubjectConfigurationOptional ReadonlyshareProcessNamespace?: booleanWhen process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
Optional Readonlyspread?: booleanAutomatically spread pods across hostname and zones.
Optional ReadonlyterminationGracePeriod?: {Grace period until the pod is terminated
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptionalverticalScaling?: { enabled?: boolean; policies?: ContainerPolicy[] }Optional Readonlyvolumes?: Volume[]List of volumes that can be mounted by containers belonging to the pod.
You can also add volumes later using podSpec.addVolume()
Optionalworkers?: numberOptionalcelery?: {OptionalceleryBeat?: {Optional ReadonlyautomountServiceAccountToken?: booleanIndicates whether a service account token should be automatically mounted.
OptionalcontainerDefaults?: {Optional Readonlyargs?: string[]Arguments to the entrypoint. The docker image's CMD is used if command is
not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.
Cannot be updated.
Optional Readonlycommand?: string[]Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Optional ReadonlyenvFrom?: EnvFrom[]List of sources to populate environment variables in the container.
When a key exists in multiple sources, the value associated with
the last source will take precedence. Values defined by the envVariables property
with a duplicate key will take precedence.
Optional ReadonlyenvVariables?: { [key: string]: undefined | { value?: any; valueFrom?: any } }Environment variables to set in the container.
Optional Readonlyimage?: stringDocker image name.
Optional ReadonlyimagePullPolicy?: ImagePullPolicyImage pull policy for this container
Optional Readonlylifecycle?: {Describes actions that the management system should take in response to container lifecycle events.
Optional ReadonlypostStart?: { _toKube?: (cont: ...) => ... }This hook is executed immediately after a container is created. However, there is no guarantee that the hook will execute before the container ENTRYPOINT.
Optional ReadonlypreStop?: { _toKube?: (cont: ...) => ... }This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others. A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod's termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. No parameters are passed to the handler.
Optional Readonlyliveness?: { _toKube?: (cont: Container) => Probe }Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonlyname?: stringName of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Optional Readonly port?: number
Optional Readonly portNumber?: number
Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
This is a convenience property if all you need is a single TCP numbered port.
In case more advanced configuration is required, use the ports property.
This port is added to the list of ports mentioned in the ports property.
Optional Readonlyports?: ContainerPort[]List of ports to expose from this container.
Optional Readonlyreadiness?: { _toKube?: (cont: Container) => Probe }Determines when the container is ready to serve traffic.
Optional Readonlyresources?: {Compute resources (CPU and memory requests and limits) required by the container
Optional Readonly restartPolicy?: ContainerRestartPolicy
Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion. Currently, the only accepted value is Always.
Optional Readonly securityContext?: {
SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context.
Optional Readonly allowPrivilegeEscalation?: boolean
Whether a process can gain more privileges than its parent process.
Optional Readonly capabilities?: { add?: (...)[]; drop?: (...)[] }
POSIX capabilities for running containers.
Optional Readonly add?: (...)[]
Added capabilities.
Optional Readonly drop?: (...)[]
Removed capabilities.
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly privileged?: boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
Optional Readonly readOnlyRootFilesystem?: boolean
Whether this container has a read-only root filesystem.
Optional Readonly seccompProfile?: { localhostProfile?: string; type?: SeccompProfileType }
Container's seccomp profile settings. Only one profile source may be set.
Optional Readonly localhostProfile?: string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
Optional Readonly type?: SeccompProfileType
Indicates which kind of seccomp profile will be applied.
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
Optional Readonlystartup?: { _toKube?: (cont: Container) => Probe }StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional ReadonlyvolumeMounts?: VolumeMount[]Pod volumes to mount into the container's filesystem. Cannot be updated.
Optional ReadonlyworkingDir?: stringContainer's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Optional Readonly containers?: ContainerProps[]
List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod.
You can add additional containers using podSpec.addContainer()
Optional Readonlydns?: {DNS settings for the pod.
Optional Readonlyhostname?: stringSpecifies the hostname of the Pod.
Optional ReadonlyhostnameAsFQDN?: booleanIf true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.
Optional Readonlynameservers?: string[]A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.
Optional Readonlyoptions?: DnsOption[]List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.
Optional Readonlypolicy?: DnsPolicySet DNS policy for the pod.
If policy is set to None, other configuration must be supplied.
Optional Readonlysearches?: string[]A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.
Kubernetes allows for at most 6 search domains.
Optional Readonlysubdomain?: stringIf specified, the fully qualified Pod hostname will be "
Optional ReadonlydockerRegistryAuth?: {A secret containing docker credentials for authenticating to a registry.
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
OptionalenvValue?: (key: string, options?: EnvValueFromSecretOptions) => EnvValueOptional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
Optional ReadonlyhostAliases?: HostAlias[]HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
Optional ReadonlyhostNetwork?: booleanHost network for the pod.
Optional image?: { pullPolicy?: string; repository?: string; tag?: string }
Optional Readonly initContainers?: ContainerProps[]
List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.
Init containers cannot currently be added, removed or updated.
Optional Readonlyisolate?: booleanIsolates the pod. This will prevent any ingress or egress connections to / from this pod.
You can however allow explicit connections post instantiation by using the .connections property.
Optional Readonlymetadata?: {Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional ReadonlypodMetadata?: {The pod metadata of this workload.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optionalprobes?: {Optional Readonlyliveness?: { _toKube?: (cont: Container) => Probe }Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonlyreadiness?: { _toKube?: (cont: Container) => Probe }Determines when the container is ready to serve traffic.
Optional Readonlystartup?: { _toKube?: (cont: Container) => Probe }StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
OptionalreplicaCount?: numberOptionalresources?: {Optional ReadonlyrestartPolicy?: RestartPolicyRestart policy for all containers within the pod.
Optionalscaling?: {Optional ReadonlycpuUtilPercent?: numberOptional Readonlyhpa?: {Escape hatch
Optional ReadonlymaxReplicas?: numberThe maximum number of replicas that can be scaled up to.
Optional Readonlymetadata?: {Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonlyannotations?: { [key: ...]: ... }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: (...)[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: ...]: ... }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: (...)[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonlymetrics?: Metric[]The metric conditions that trigger a scale up or scale down.
Optional ReadonlyminReplicas?: numberThe minimum number of replicas that can be scaled down to.
Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and
at least one Object or External metric is configured.
Optional ReadonlyscaleDown?: {The scaling behavior when scaling down.
Optional Readonlypolicies?: (...)[]The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonlystrategy?: ScalingStrategyThe strategy to use when scaling.
Optional ReadonlyscaleUp?: {The scaling behavior when scaling up.
Optional Readonlypolicies?: (...)[]The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonlystrategy?: ScalingStrategyThe strategy to use when scaling.
Optional Readonlytarget?: {The workload to scale up or down.
Scalable workload types:
OptionalhasAutoscaler?: booleanIf this is a target of an autoscaler.
OptionalmarkHasAutoscaler?: () => ...OptionaltoScalingTarget?: () => ...Optional ReadonlymaxReplicas?: numberOptional ReadonlymemUtilPercent?: numberOptional ReadonlyminReplicas?: numberOptional Readonlytarget?: {OptionalhasAutoscaler?: booleanIf this is a target of an autoscaler.
OptionalmarkHasAutoscaler?: () => voidOptionaltoScalingTarget?: () => ScalingTargetOptional ReadonlysecurityContext?: {SecurityContext holds pod-level security attributes and common container settings.
Optional ReadonlyensureNonRoot?: booleanIndicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional ReadonlyfsGroup?: numberModify the ownership and permissions of pod volumes to this GID.
Optional Readonly fsGroupChangePolicy?: FsGroupChangePolicy
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Optional Readonlygroup?: numberThe GID to run the entrypoint of the container process.
Optional Readonlysysctls?: Sysctl[]Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Optional Readonlyuser?: numberThe UID to run the entrypoint of the container process.
Optional Readonly select?: boolean
Automatically allocates a pod label selector for this workload and adds it to the pod metadata. This ensures this workload manages pods created by its pod template.
Optional ReadonlyserviceAccount?: {A service account provides an identity for processes that run in a Pod.
When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
Optional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
OptionaltoSubjectConfiguration?: () => SubjectConfigurationOptional ReadonlyshareProcessNamespace?: booleanWhen process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
Optional Readonlyspread?: booleanAutomatically spread pods across hostname and zones.
Optional ReadonlyterminationGracePeriod?: {Grace period until the pod is terminated
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptionalverticalScaling?: { enabled?: boolean; policies?: ContainerPolicy[] }Optional Readonlyvolumes?: Volume[]List of volumes that can be mounted by containers belonging to the pod.
You can also add volumes later using podSpec.addVolume()
Optional ReadonlydisableResourceNameHashes?: booleanThe autogenerated resource name by default is suffixed with a stable hash of the construct path. Setting this property to true drops the hash suffix.
OptionaldomainName?: stringOptionalingressAnnotations?: { [key: string]: undefined | string }Optional Readonlylabels?: { [key: string]: undefined | string }Labels to apply to all resources in this chart.
Optional Readonlynamespace?: stringThe default namespace for all objects defined in this chart (directly or
indirectly). This namespace will only apply to objects that don't have a
namespace explicitly defined for them.
Optionalsync?: {Optional ReadonlyactiveDeadline?: {Specifies the duration the job may be active before the system tries to terminate it.
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptional ReadonlyautomountServiceAccountToken?: booleanIndicates whether a service account token should be automatically mounted.
Optional ReadonlybackoffLimit?: numberSpecifies the number of retries before marking this job failed.
Optional ReadonlyconcurrencyPolicy?: ConcurrencyPolicySpecifies the concurrency policy for the job.
Optional Readonlycontainers?: ContainerProps[]List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod.
You can add additional containers using podSpec.addContainer()
Optional Readonlydns?: {DNS settings for the pod.
Optional Readonlyhostname?: stringSpecifies the hostname of the Pod.
Optional ReadonlyhostnameAsFQDN?: booleanIf true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.
Optional Readonlynameservers?: string[]A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.
Optional Readonlyoptions?: DnsOption[]List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.
Optional Readonlypolicy?: DnsPolicySet DNS policy for the pod.
If policy is set to None, other configuration must be supplied.
Optional Readonlysearches?: string[]A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.
Kubernetes allows for at most 6 search domains.
Optional Readonlysubdomain?: stringIf specified, the fully qualified Pod hostname will be "
Optional ReadonlydockerRegistryAuth?: {A secret containing docker credentials for authenticating to a registry.
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
OptionalenvValue?: (key: string, options?: EnvValueFromSecretOptions) => EnvValueOptional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
Optional ReadonlyfailedJobsRetained?: numberSpecifies the number of failed jobs history retained. This would retain the Job and the associated Pod resource and can be useful for debugging.
Optional ReadonlyhostAliases?: HostAlias[]HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
Optional ReadonlyhostNetwork?: booleanHost network for the pod.
Optional Readonlyimage?: { pullPolicy?: string; repository?: string; tag?: string }Optional ReadonlyinitContainers?: ContainerProps[]List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.
Init containers cannot currently be added, removed or updated.
Optional Readonlyisolate?: booleanIsolates the pod. This will prevent any ingress or egress connections to / from this pod.
You can however allow explicit connections post instantiation by using the .connections property.
Optional Readonlymetadata?: {Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonlynamespace?: stringNamespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional ReadonlyownerReferences?: OwnerReference[]List of objects this object depends on. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional ReadonlypodMetadata?: {The pod metadata of this workload.
Optional Readonlyannotations?: { [key: string]: undefined | string }Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonlyfinalizers?: string[]Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonlylabels?: { [key: string]: undefined | string }Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonlyname?: stringThe unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonlynamespace?: stringNamespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional ReadonlyownerReferences?: OwnerReference[]List of objects this object depends on. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional ReadonlyrestartPolicy?: RestartPolicyRestart policy for all containers within the pod.
Optional Readonlyschedule?: {Optional Readonlyday?: stringThe day of the month to run this rule at
Optional Readonlyhour?: stringThe hour to run this rule at
Optional Readonlyminute?: stringThe minute to run this rule at
Optional Readonlymonth?: stringThe month to run this rule at
Optional ReadonlyweekDay?: stringThe day of the week to run this rule at
Optional ReadonlysecurityContext?: {SecurityContext holds pod-level security attributes and common container settings.
Optional ReadonlyensureNonRoot?: booleanIndicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional ReadonlyfsGroup?: numberModify the ownership and permissions of pod volumes to this GID.
Optional ReadonlyfsGroupChangePolicy?: FsGroupChangePolicyDefines the behavior of changing ownership and permission of the volume before being exposed inside the Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Optional Readonlygroup?: numberThe GID to run the entrypoint of the container process.
Optional Readonlysysctls?: Sysctl[]Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Optional Readonlyuser?: numberThe UID to run the entrypoint of the container process.
Optional Readonlyselect?: booleanAutomatically allocates a pod label selector for this workload and adds it to the pod metadata. This ensures this workload manages pods created by its pod template.
Optional ReadonlyserviceAccount?: {A service account provides an identity for processes that run in a Pod.
When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
Optional ReadonlyapiGroup?: stringThe group portion of the API version (e.g. authorization.k8s.io).
Optional ReadonlyapiVersion?: stringThe object's API version (e.g. "authorization.k8s.io/v1")
Optional Readonlykind?: stringThe object kind (e.g. "Deployment").
Optional Readonlyname?: stringThe Kubernetes name of this resource.
Optional Readonlynode?: {The tree node.
OptionaladdDependency?: (...deps: IDependable[]) => voidOptionaladdMetadata?: (type: string, data: any, options?: MetadataOptions) => voidOptionaladdr?: stringOptionaladdValidation?: (validation: IValidation) => voidOptionalchildren?: IConstruct[]OptionaldefaultChild?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionaldependencies?: IConstruct[]OptionalfindAll?: (order?: ConstructOrder) => IConstruct[]OptionalfindChild?: (id: string) => IConstructOptionalgetAllContext?: (defaults?: object) => anyOptionalgetContext?: (key: string) => anyOptional Readonlyid?: stringThe id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optionallock?: () => voidOptionallocked?: booleanOptionalmetadata?: MetadataEntry[]Optionalpath?: stringOptionalroot?: {Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optional Readonlyscope?: {Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonlynode?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefinedThe tree node.
Optionalscopes?: IConstruct[]OptionalsetContext?: (key: string, value: any) => voidOptionaltryFindChild?: (id: string) => undefined | IConstructOptionaltryGetContext?: (key: string) => anyOptionaltryRemoveChild?: (childName: string) => booleanOptionalvalidate?: () => string[]Optional ReadonlyresourceName?: stringThe unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional ReadonlyresourceType?: stringThe name of a resource type as it appears in the relevant API endpoint.
OptionaltoSubjectConfiguration?: () => SubjectConfigurationOptional ReadonlyshareProcessNamespace?: booleanWhen process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
Optional ReadonlysourceDsn?: null | stringOptional Readonlyspread?: booleanAutomatically spread pods across hostname and zones.
Optional ReadonlystartingDeadline?: {Kubernetes attempts to start cron jobs at their scheduled time, but this is not guaranteed. This deadline specifies how much time can pass after a schedule point during which Kubernetes can still start the job. For example, if this is set to 100 seconds, Kubernetes is allowed to start the job at most 100 seconds after the scheduled time.
Note that the Kubernetes CronJobController checks for things every 10 seconds; for this reason, a deadline below 10 seconds is not allowed, as it may cause your job to never be scheduled.
In addition, Kubernetes will stop scheduling jobs if more than 100 schedules were missed (for any reason). This property also controls the time interval Kubernetes considers when counting missed schedules.
For example, suppose a CronJob is set to schedule a new Job every one minute beginning at 08:30:00,
and its startingDeadline field is not set. If the CronJob controller happens to be down from 08:29:00 to 10:21:00,
the job will not start, as the number of missed schedules is greater than 100.
However, if startingDeadline is set to 200 seconds, Kubernetes will only count 3 missed schedules, and thus
start a new execution at 10:22:00.
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptional ReadonlysuccessfulJobsRetained?: numberSpecifies the number of successful jobs history retained. This would retain the Job and the associated Pod resource and can be useful for debugging.
Optional Readonlysuspend?: booleanSpecifies if the cron job should be suspended. Only applies to future executions; current ones remain untouched.
Optional Readonlytarget?: {Optional ReadonlyterminationGracePeriod?: {Grace period until the pod is terminated
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptional ReadonlytimeZone?: stringSpecifies the timezone for the job. This helps align the schedule with the specified timezone.
See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of valid timezone values.
Optional ReadonlyttlAfterFinished?: {Limits the lifetime of a Job that has finished execution (either Complete
or Failed). If this field is set, after the Job finishes, it is eligible to
be automatically deleted. When the Job is being deleted, its lifecycle
guarantees (e.g. finalizers) will be honored. If this field is set to zero,
the Job becomes eligible to be deleted immediately after it finishes. This
field is alpha-level and is only honored by servers that enable the
TTLAfterFinished feature.
OptionaltoDays?: (opts?: TimeConversionOptions) => numberOptionaltoHours?: (opts?: TimeConversionOptions) => numberOptionaltoHumanString?: () => stringOptionaltoIsoString?: () => stringOptionaltoMilliseconds?: (opts?: TimeConversionOptions) => numberOptionaltoMinutes?: (opts?: TimeConversionOptions) => numberOptionaltoSeconds?: (opts?: TimeConversionOptions) => numberOptionalunitLabel?: () => stringOptional Readonlyvolumes?: Volume[]List of volumes that can be mounted by containers belonging to the pod.
You can also add volumes later using podSpec.addVolume()
OptionalwebImage?: { pullPolicy?: string; repository?: string; tag?: string }Optionalwsgi?: {Optional ReadonlyautomountServiceAccountToken?: booleanIndicates whether a service account token should be automatically mounted.
OptionalcontainerDefaults?: {Optional Readonlyargs?: string[]Arguments to the entrypoint. The docker image's CMD is used if command is
not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.
Cannot be updated.
Optional Readonlycommand?: string[]Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
Optional ReadonlyenvFrom?: EnvFrom[]List of sources to populate environment variables in the container.
When a key exists in multiple sources, the value associated with
the last source will take precedence. Values defined by the envVariables property
with a duplicate key will take precedence.
Optional ReadonlyenvVariables?: { [key: string]: undefined | { value?: any; valueFrom?: any } }Environment variables to set in the container.
Optional Readonlyimage?: stringDocker image name.
Optional ReadonlyimagePullPolicy?: ImagePullPolicyImage pull policy for this container
Optional Readonlylifecycle?: {Describes actions that the management system should take in response to container lifecycle events.
Optional ReadonlypostStart?: { _toKube?: (cont: ...) => ... }This hook is executed immediately after a container is created. However, there is no guarantee that the hook will execute before the container ENTRYPOINT.
Optional ReadonlypreStop?: { _toKube?: (cont: ...) => ... }This hook is called immediately before a container is terminated due to an API request or management event such as a liveness/startup probe failure, preemption, resource contention and others. A call to the PreStop hook fails if the container is already in a terminated or completed state and the hook must complete before the TERM signal to stop the container can be sent. The Pod's termination grace period countdown begins before the PreStop hook is executed, so regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period. No parameters are passed to the handler.
Optional Readonlyliveness?: { _toKube?: (cont: Container) => Probe }Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonlyname?: stringName of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.
Optional Readonlyport?: numberOptional ReadonlyportNumber?: numberNumber of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.
This is a convenience property if all you need is a single TCP numbered port.
In case more advanced configuration is required, use the ports property.
This port is added to the list of ports mentioned in the ports property.
Optional Readonlyports?: ContainerPort[]List of ports to expose from this container.
Optional Readonlyreadiness?: { _toKube?: (cont: Container) => Probe }Determines when the container is ready to serve traffic.
Optional Readonlyresources?: {Compute resources (CPU and memory requests and limits) required by the container
Optional ReadonlyrestartPolicy?: ContainerRestartPolicyKubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion. Currently, the only accepted value is Always.
Optional Readonly securityContext?: {
SecurityContext defines the security options the container should be run with. If set, the fields override equivalent fields of the pod's security context.
Optional Readonly allowPrivilegeEscalation?: boolean
Whether a process can gain more privileges than its parent process.
Optional Readonly capabilities?: { add?: (...)[]; drop?: (...)[] }
POSIX capabilities for running containers
Optional Readonly add?: (...)[]
Added capabilities
Optional Readonly drop?: (...)[]
Removed capabilities
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly privileged?: boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host.
Optional Readonly readOnlyRootFilesystem?: boolean
Whether this container has a read-only root filesystem.
Optional Readonly seccompProfile?: { localhostProfile?: string; type?: SeccompProfileType }
Container's seccomp profile settings. Only one profile source may be set
Optional Readonly localhostProfile?: string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost".
Optional Readonly type?: SeccompProfileType
Indicates which kind of seccomp profile will be applied
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
Optional Readonly startup?: { _toKube?: (cont: Container) => Probe }
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional Readonly volumeMounts?: VolumeMount[]
Pod volumes to mount into the container's filesystem. Cannot be updated.
Optional Readonly workingDir?: string
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.
Optional Readonly containers?: ContainerProps[]
List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod.
You can add additional containers using podSpec.addContainer()
Optional Readonly dns?: {
DNS settings for the pod.
Optional Readonly hostname?: string
Specifies the hostname of the Pod.
Optional Readonly hostnameAsFQDN?: boolean
If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters to FQDN. If a pod does not have FQDN, this has no effect.
Optional Readonly nameservers?: string[]
A list of IP addresses that will be used as DNS servers for the Pod. There can be at most 3 IP addresses specified. When the policy is set to "NONE", the list must contain at least one IP address, otherwise this property is optional. The servers listed will be combined to the base nameservers generated from the specified DNS policy with duplicate addresses removed.
Optional Readonly options?: DnsOption[]
List of objects where each object may have a name property (required) and a value property (optional). The contents in this property will be merged to the options generated from the specified DNS policy. Duplicate entries are removed.
Optional Readonly policy?: DnsPolicy
Set DNS policy for the pod.
If policy is set to None, other configuration must be supplied.
Optional Readonly searches?: string[]
A list of DNS search domains for hostname lookup in the Pod. When specified, the provided list will be merged into the base search domain names generated from the chosen DNS policy. Duplicate domain names are removed.
Kubernetes allows for at most 6 search domains.
Optional Readonly subdomain?: string
If specified, the fully qualified Pod hostname will be "
Optional Readonly dockerRegistryAuth?: {
A secret containing docker credentials for authenticating to a registry.
Optional Readonly apiGroup?: string
The group portion of the API version (e.g. authorization.k8s.io).
Optional Readonly apiVersion?: string
The object's API version (e.g. "authorization.k8s.io/v1")
Optional envValue?: (key: string, options?: EnvValueFromSecretOptions) => EnvValue
Optional Readonly kind?: string
The object kind (e.g. "Deployment").
Optional Readonly name?: string
The Kubernetes name of this resource.
Optional Readonly node?: {
The tree node.
Optional addDependency?: (...deps: IDependable[]) => void
Optional addMetadata?: (type: string, data: any, options?: MetadataOptions) => void
Optional addr?: string
Optional addValidation?: (validation: IValidation) => void
Optional children?: IConstruct[]
Optional defaultChild?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional dependencies?: IConstruct[]
Optional findAll?: (order?: ConstructOrder) => IConstruct[]
Optional findChild?: (id: string) => IConstruct
Optional getAllContext?: (defaults?: object) => any
Optional getContext?: (key: string) => any
Optional Readonly id?: string
The id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optional lock?: () => void
Optional locked?: boolean
Optional metadata?: MetadataEntry[]
Optional path?: string
Optional root?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional Readonly scope?: {
Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional scopes?: IConstruct[]
Optional setContext?: (key: string, value: any) => void
Optional tryFindChild?: (id: string) => undefined | IConstruct
Optional tryGetContext?: (key: string) => any
Optional tryRemoveChild?: (childName: string) => boolean
Optional validate?: () => string[]
Optional Readonly resourceName?: string
The unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional Readonly resourceType?: string
The name of a resource type as it appears in the relevant API endpoint.
Optional Readonly hostAliases?: HostAlias[]
HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.
Optional Readonly hostNetwork?: boolean
Host network for the pod.
Optional image?: { pullPolicy?: string; repository?: string; tag?: string }
Optional Readonly initContainers?: ContainerProps[]
List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion.
Init containers cannot currently be added, removed or updated.
Optional Readonly isolate?: boolean
Isolates the pod. This will prevent any ingress or egress connections to / from this pod.
You can however allow explicit connections post instantiation by using the .connections property.
Optional Readonly metadata?: {
Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonly annotations?: { [key: string]: undefined | string }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: string[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: string]: undefined | string }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonly podMetadata?: {
The pod metadata of this workload.
Optional Readonly annotations?: { [key: string]: undefined | string }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: string[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: string]: undefined | string }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: OwnerReference[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional probes?: {
Optional Readonly liveness?: { _toKube?: (cont: Container) => Probe }
Periodic probe of container liveness. Container will be restarted if the probe fails.
Optional Readonly readiness?: { _toKube?: (cont: Container) => Probe }
Determines when the container is ready to serve traffic.
Optional Readonly startup?: { _toKube?: (cont: Container) => Probe }
StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully
Optional replicaCount?: number
Optional resources?: {
Optional Readonly restartPolicy?: RestartPolicy
Restart policy for all containers within the pod.
Optional scaling?: {
Optional Readonly cpuUtilPercent?: number
Optional Readonly hpa?: {
Escape hatch
Optional Readonly maxReplicas?: number
The maximum number of replicas that can be scaled up to.
Optional Readonly metadata?: {
Metadata that all persisted resources must have, which includes all objects users must create.
Optional Readonly annotations?: { [key: ...]: ... }
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
Optional Readonly finalizers?: (...)[]
Namespaced keys that tell Kubernetes to wait until specific conditions are met before it fully deletes resources marked for deletion.
Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.
Optional Readonly labels?: { [key: ...]: ... }
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services.
Optional Readonly name?: string
The unique, namespace-global, name of this object inside the Kubernetes cluster.
Normally, you shouldn't specify names for objects and let the CDK generate a name for you that is application-unique. The names CDK generates are composed from the construct path components, separated by dots and a suffix that is based on a hash of the entire path, to ensure uniqueness.
You can supply custom name allocation logic by overriding the
chart.generateObjectName method.
If you use an explicit name here, bear in mind that this reduces the composability of your construct because it won't be possible to include more than one instance in any app. Therefore it is highly recommended to leave this unspecified.
Optional Readonly namespace?: string
Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
Optional Readonly ownerReferences?: (...)[]
List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
Kubernetes sets the value of this field automatically for objects that are dependents of other objects like ReplicaSets, DaemonSets, Deployments, Jobs and CronJobs, and ReplicationControllers. You can also configure these relationships manually by changing the value of this field. However, you usually don't need to and can allow Kubernetes to automatically manage the relationships.
Optional Readonly metrics?: Metric[]
The metric conditions that trigger a scale up or scale down.
Optional Readonly minReplicas?: number
The minimum number of replicas that can be scaled down to.
Can be set to 0 if the alpha feature gate HPAScaleToZero is enabled and
at least one Object or External metric is configured.
Optional Readonly scaleDown?: {
The scaling behavior when scaling down.
Optional Readonly policies?: (...)[]
The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonly strategy?: ScalingStrategy
The strategy to use when scaling.
Optional Readonly scaleUp?: {
The scaling behavior when scaling up.
Optional Readonly policies?: (...)[]
The scaling policies.
Optional Readonly stabilizationWindow?: {
Defines the window of past metrics that the autoscaler should consider when calculating whether or not autoscaling should occur.
Minimum duration is 1 second, max is 1 hour.
Optional Readonly strategy?: ScalingStrategy
The strategy to use when scaling.
Optional Readonly target?: {
The workload to scale up or down.
Scalable workload types:
Optional hasAutoscaler?: boolean
If this is a target of an autoscaler.
Optional markHasAutoscaler?: () => ...
Optional toScalingTarget?: () => ...
Optional Readonly maxReplicas?: number
Optional Readonly memUtilPercent?: number
Optional Readonly minReplicas?: number
Optional Readonly target?: {
Optional hasAutoscaler?: boolean
If this is a target of an autoscaler.
Optional markHasAutoscaler?: () => void
Optional toScalingTarget?: () => ScalingTarget
Optional Readonly securityContext?: {
SecurityContext holds pod-level security attributes and common container settings.
Optional Readonly ensureNonRoot?: boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does.
Optional Readonly fsGroup?: number
Modify the ownership and permissions of pod volumes to this GID.
Optional Readonly fsGroupChangePolicy?: FsGroupChangePolicy
Defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership (and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir.
Optional Readonly group?: number
The GID to run the entrypoint of the container process.
Optional Readonly sysctls?: Sysctl[]
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch.
Optional Readonly user?: number
The UID to run the entrypoint of the container process.
Optional Readonly select?: boolean
Automatically allocates a pod label selector for this workload and adds it to the pod metadata. This ensures this workload manages pods created by its pod template.
Optional Readonly serviceAccount?: {
A service account provides an identity for processes that run in a Pod.
When you (a human) access the cluster (for example, using kubectl), you are authenticated by the apiserver as a particular User Account (currently this is usually admin, unless your cluster administrator has customized your cluster). Processes in containers inside pods can also contact the apiserver. When they do, they are authenticated as a particular Service Account (for example, default).
Optional Readonly apiGroup?: string
The group portion of the API version (e.g. authorization.k8s.io).
Optional Readonly apiVersion?: string
The object's API version (e.g. "authorization.k8s.io/v1")
Optional Readonly kind?: string
The object kind (e.g. "Deployment").
Optional Readonly name?: string
The Kubernetes name of this resource.
Optional Readonly node?: {
The tree node.
Optional addDependency?: (...deps: IDependable[]) => void
Optional addMetadata?: (type: string, data: any, options?: MetadataOptions) => void
Optional addr?: string
Optional addValidation?: (validation: IValidation) => void
Optional children?: IConstruct[]
Optional defaultChild?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional dependencies?: IConstruct[]
Optional findAll?: (order?: ConstructOrder) => IConstruct[]
Optional findChild?: (id: string) => IConstruct
Optional getAllContext?: (defaults?: object) => any
Optional getContext?: (key: string) => any
Optional Readonly id?: string
The id of this construct within the current scope.
This is a scope-unique id. To obtain an app-unique id for this construct, use addr.
Optional lock?: () => void
Optional locked?: boolean
Optional metadata?: MetadataEntry[]
Optional path?: string
Optional root?: {
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional Readonly scope?: {
Returns the scope in which this construct is defined.
The value is undefined at the root of the construct scope tree.
Optional Readonly node?: { readonly scope?: { readonly node?: ... | undefined; } | undefined; readonly id?: string | undefined; readonly path?: string | undefined; readonly addr?: string | undefined; tryFindChild?: ((id: string) => IConstruct | undefined) | undefined; ... 18 more ...; lock?: (() => void) | undefined; } | undefined
The tree node.
Optional scopes?: IConstruct[]
Optional setContext?: (key: string, value: any) => void
Optional tryFindChild?: (id: string) => undefined | IConstruct
Optional tryGetContext?: (key: string) => any
Optional tryRemoveChild?: (childName: string) => boolean
Optional validate?: () => string[]
Optional Readonly resourceName?: string
The unique, namespace-global, name of an object inside the Kubernetes cluster.
If this is omitted, the ApiResource should represent all objects of the given type.
Optional Readonly resourceType?: string
The name of a resource type as it appears in the relevant API endpoint.
Optional toSubjectConfiguration?: () => SubjectConfiguration
Optional Readonly shareProcessNamespace?: boolean
When process namespace sharing is enabled, processes in a container are visible to all other containers in the same pod.
Optional Readonly spread?: boolean
Automatically spread pods across hostname and zones.
Optional Readonly terminationGracePeriod?: {
Grace period until the pod is terminated
Optional toDays?: (opts?: TimeConversionOptions) => number
Optional toHours?: (opts?: TimeConversionOptions) => number
Optional toHumanString?: () => string
Optional toIsoString?: () => string
Optional toMilliseconds?: (opts?: TimeConversionOptions) => number
Optional toMinutes?: (opts?: TimeConversionOptions) => number
Optional toSeconds?: (opts?: TimeConversionOptions) => number
Optional unitLabel?: () => string
Optional threads?: number
Optional verticalScaling?: { enabled?: boolean; policies?: ContainerPolicy[] }
Optional Readonly volumes?: Volume[]
List of volumes that can be mounted by containers belonging to the pod.
You can also add volumes later using podSpec.addVolume()
Optional workers?: number
The default namespace for all objects in this chart.