events.v1alpha1.template

Index

fn withImagePullSecrets(imagePullSecrets)
fn withImagePullSecretsMixin(imagePullSecrets)
fn withNodeSelector(nodeSelector)
fn withNodeSelectorMixin(nodeSelector)
fn withPriority(priority)
fn withPriorityClassName(priorityClassName)
fn withServiceAccountName(serviceAccountName)
fn withTolerations(tolerations)
fn withTolerationsMixin(tolerations)
fn withVolumes(volumes)
fn withVolumesMixin(volumes)
obj affinity
obj container
obj metadata
obj securityContext

Fields

fn withImagePullSecrets

withImagePullSecrets(imagePullSecrets)

fn withImagePullSecretsMixin

withImagePullSecretsMixin(imagePullSecrets)

Note: This function appends passed data to existing values

fn withNodeSelector

withNodeSelector(nodeSelector)

fn withNodeSelectorMixin

withNodeSelectorMixin(nodeSelector)

Note: This function appends passed data to existing values

fn withPriority

withPriority(priority)

fn withPriorityClassName

withPriorityClassName(priorityClassName)

fn withServiceAccountName

withServiceAccountName(serviceAccountName)

fn withTolerations

withTolerations(tolerations)

fn withTolerationsMixin

withTolerationsMixin(tolerations)

Note: This function appends passed data to existing values

fn withVolumes

withVolumes(volumes)

fn withVolumesMixin

withVolumesMixin(volumes)

Note: This function appends passed data to existing values

obj affinity

"Affinity is a group of affinity scheduling rules."

obj affinity.nodeAffinity

"Node affinity is a group of node affinity scheduling rules."

fn affinity.nodeAffinity.withPreferredDuringSchedulingIgnoredDuringExecution

withPreferredDuringSchedulingIgnoredDuringExecution(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred."

fn affinity.nodeAffinity.withPreferredDuringSchedulingIgnoredDuringExecutionMixin

withPreferredDuringSchedulingIgnoredDuringExecutionMixin(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred."

Note: This function appends passed data to existing values

obj affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution

"A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms."

fn affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.withNodeSelectorTerms

withNodeSelectorTerms(nodeSelectorTerms)

"Required. A list of node selector terms. The terms are ORed."

fn affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.withNodeSelectorTermsMixin

withNodeSelectorTermsMixin(nodeSelectorTerms)

"Required. A list of node selector terms. The terms are ORed."

Note: This function appends passed data to existing values

obj affinity.podAffinity

"Pod affinity is a group of inter pod affinity scheduling rules."

fn affinity.podAffinity.withPreferredDuringSchedulingIgnoredDuringExecution

withPreferredDuringSchedulingIgnoredDuringExecution(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred."

fn affinity.podAffinity.withPreferredDuringSchedulingIgnoredDuringExecutionMixin

withPreferredDuringSchedulingIgnoredDuringExecutionMixin(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred."

Note: This function appends passed data to existing values

fn affinity.podAffinity.withRequiredDuringSchedulingIgnoredDuringExecution

withRequiredDuringSchedulingIgnoredDuringExecution(requiredDuringSchedulingIgnoredDuringExecution)

"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied."

fn affinity.podAffinity.withRequiredDuringSchedulingIgnoredDuringExecutionMixin

withRequiredDuringSchedulingIgnoredDuringExecutionMixin(requiredDuringSchedulingIgnoredDuringExecution)

"If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied."

Note: This function appends passed data to existing values

obj affinity.podAntiAffinity

"Pod anti affinity is a group of inter pod anti affinity scheduling rules."

fn affinity.podAntiAffinity.withPreferredDuringSchedulingIgnoredDuringExecution

withPreferredDuringSchedulingIgnoredDuringExecution(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred."

fn affinity.podAntiAffinity.withPreferredDuringSchedulingIgnoredDuringExecutionMixin

withPreferredDuringSchedulingIgnoredDuringExecutionMixin(preferredDuringSchedulingIgnoredDuringExecution)

"The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred."

Note: This function appends passed data to existing values

fn affinity.podAntiAffinity.withRequiredDuringSchedulingIgnoredDuringExecution

withRequiredDuringSchedulingIgnoredDuringExecution(requiredDuringSchedulingIgnoredDuringExecution)

"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied."

fn affinity.podAntiAffinity.withRequiredDuringSchedulingIgnoredDuringExecutionMixin

withRequiredDuringSchedulingIgnoredDuringExecutionMixin(requiredDuringSchedulingIgnoredDuringExecution)

"If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied."

Note: This function appends passed data to existing values

obj container

"A single application container that you want to run within a pod."

fn container.withArgs

withArgs(args)

"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"

fn container.withArgsMixin

withArgsMixin(args)

"Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"

Note: This function appends passed data to existing values

fn container.withCommand

withCommand(command)

"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"

fn container.withCommandMixin

withCommandMixin(command)

"Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"

Note: This function appends passed data to existing values

fn container.withEnv

withEnv(env)

"List of environment variables to set in the container. Cannot be updated."

fn container.withEnvFrom

withEnvFrom(envFrom)

"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."

fn container.withEnvFromMixin

withEnvFromMixin(envFrom)

"List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."

Note: This function appends passed data to existing values

fn container.withEnvMixin

withEnvMixin(env)

"List of environment variables to set in the container. Cannot be updated."

Note: This function appends passed data to existing values

fn container.withImage

withImage(image)

"Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets."

fn container.withImagePullPolicy

withImagePullPolicy(imagePullPolicy)

"Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - \"Always\" means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - \"IfNotPresent\" means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - \"Never\" means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present"

fn container.withName

withName(name)

"Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated."

fn container.withPorts

withPorts(ports)

"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated."

fn container.withPortsMixin

withPortsMixin(ports)

"List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated."

Note: This function appends passed data to existing values

fn container.withStdin

withStdin(stdin)

"Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false."

fn container.withStdinOnce

withStdinOnce(stdinOnce)

"Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false"

fn container.withTerminationMessagePath

withTerminationMessagePath(terminationMessagePath)

"Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated."

fn container.withTerminationMessagePolicy

withTerminationMessagePolicy(terminationMessagePolicy)

"Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - \"FallbackToLogsOnError\" will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - \"File\" is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits."

fn container.withTty

withTty(tty)

"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false."

fn container.withVolumeDevices

withVolumeDevices(volumeDevices)

"volumeDevices is the list of block devices to be used by the container."

fn container.withVolumeDevicesMixin

withVolumeDevicesMixin(volumeDevices)

"volumeDevices is the list of block devices to be used by the container."

Note: This function appends passed data to existing values

fn container.withVolumeMounts

withVolumeMounts(volumeMounts)

"Pod volumes to mount into the container's filesystem. Cannot be updated."

fn container.withVolumeMountsMixin

withVolumeMountsMixin(volumeMounts)

"Pod volumes to mount into the container's filesystem. Cannot be updated."

Note: This function appends passed data to existing values

fn container.withWorkingDir

withWorkingDir(workingDir)

"Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated."

obj container.lifecycle

"Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted."

obj container.lifecycle.postStart

"LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified."

obj container.lifecycle.postStart.exec

"ExecAction describes a \"run in container\" action."

fn container.lifecycle.postStart.exec.withCommand

withCommand(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

fn container.lifecycle.postStart.exec.withCommandMixin

withCommandMixin(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

Note: This function appends passed data to existing values

obj container.lifecycle.postStart.httpGet

"HTTPGetAction describes an action based on HTTP Get requests."

fn container.lifecycle.postStart.httpGet.withHost

withHost(host)

"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead."

fn container.lifecycle.postStart.httpGet.withHttpHeaders

withHttpHeaders(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

fn container.lifecycle.postStart.httpGet.withHttpHeadersMixin

withHttpHeadersMixin(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

Note: This function appends passed data to existing values

fn container.lifecycle.postStart.httpGet.withPath

withPath(path)

"Path to access on the HTTP server."

fn container.lifecycle.postStart.httpGet.withPort

withPort(port)

fn container.lifecycle.postStart.httpGet.withScheme

withScheme(scheme)

"Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - \"HTTP\" means that the scheme used will be http://\n - \"HTTPS\" means that the scheme used will be https://"

obj container.lifecycle.postStart.tcpSocket

"TCPSocketAction describes an action based on opening a socket"

fn container.lifecycle.postStart.tcpSocket.withHost

withHost(host)

"Optional: Host name to connect to, defaults to the pod IP."

fn container.lifecycle.postStart.tcpSocket.withPort

withPort(port)

obj container.lifecycle.preStop

"LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified."

obj container.lifecycle.preStop.exec

"ExecAction describes a \"run in container\" action."

fn container.lifecycle.preStop.exec.withCommand

withCommand(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

fn container.lifecycle.preStop.exec.withCommandMixin

withCommandMixin(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

Note: This function appends passed data to existing values

obj container.lifecycle.preStop.httpGet

"HTTPGetAction describes an action based on HTTP Get requests."

fn container.lifecycle.preStop.httpGet.withHost

withHost(host)

"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead."

fn container.lifecycle.preStop.httpGet.withHttpHeaders

withHttpHeaders(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

fn container.lifecycle.preStop.httpGet.withHttpHeadersMixin

withHttpHeadersMixin(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

Note: This function appends passed data to existing values

fn container.lifecycle.preStop.httpGet.withPath

withPath(path)

"Path to access on the HTTP server."

fn container.lifecycle.preStop.httpGet.withPort

withPort(port)

fn container.lifecycle.preStop.httpGet.withScheme

withScheme(scheme)

"Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - \"HTTP\" means that the scheme used will be http://\n - \"HTTPS\" means that the scheme used will be https://"

obj container.lifecycle.preStop.tcpSocket

"TCPSocketAction describes an action based on opening a socket"

fn container.lifecycle.preStop.tcpSocket.withHost

withHost(host)

"Optional: Host name to connect to, defaults to the pod IP."

fn container.lifecycle.preStop.tcpSocket.withPort

withPort(port)

obj container.livenessProbe

"Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic."

fn container.livenessProbe.withFailureThreshold

withFailureThreshold(failureThreshold)

"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1."

fn container.livenessProbe.withInitialDelaySeconds

withInitialDelaySeconds(initialDelaySeconds)

"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

fn container.livenessProbe.withPeriodSeconds

withPeriodSeconds(periodSeconds)

"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1."

fn container.livenessProbe.withSuccessThreshold

withSuccessThreshold(successThreshold)

"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1."

fn container.livenessProbe.withTerminationGracePeriodSeconds

withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)

"Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset."

fn container.livenessProbe.withTimeoutSeconds

withTimeoutSeconds(timeoutSeconds)

"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

obj container.livenessProbe.exec

"ExecAction describes a \"run in container\" action."

fn container.livenessProbe.exec.withCommand

withCommand(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

fn container.livenessProbe.exec.withCommandMixin

withCommandMixin(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

Note: This function appends passed data to existing values

obj container.livenessProbe.grpc

fn container.livenessProbe.grpc.withPort

withPort(port)

"Port number of the gRPC service. Number must be in the range 1 to 65535."

fn container.livenessProbe.grpc.withService

withService(service)

"Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."

obj container.livenessProbe.httpGet

"HTTPGetAction describes an action based on HTTP Get requests."

fn container.livenessProbe.httpGet.withHost

withHost(host)

"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead."

fn container.livenessProbe.httpGet.withHttpHeaders

withHttpHeaders(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

fn container.livenessProbe.httpGet.withHttpHeadersMixin

withHttpHeadersMixin(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

Note: This function appends passed data to existing values

fn container.livenessProbe.httpGet.withPath

withPath(path)

"Path to access on the HTTP server."

fn container.livenessProbe.httpGet.withPort

withPort(port)

fn container.livenessProbe.httpGet.withScheme

withScheme(scheme)

"Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - \"HTTP\" means that the scheme used will be http://\n - \"HTTPS\" means that the scheme used will be https://"

obj container.livenessProbe.tcpSocket

"TCPSocketAction describes an action based on opening a socket"

fn container.livenessProbe.tcpSocket.withHost

withHost(host)

"Optional: Host name to connect to, defaults to the pod IP."

fn container.livenessProbe.tcpSocket.withPort

withPort(port)

obj container.readinessProbe

"Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic."

fn container.readinessProbe.withFailureThreshold

withFailureThreshold(failureThreshold)

"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1."

fn container.readinessProbe.withInitialDelaySeconds

withInitialDelaySeconds(initialDelaySeconds)

"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

fn container.readinessProbe.withPeriodSeconds

withPeriodSeconds(periodSeconds)

"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1."

fn container.readinessProbe.withSuccessThreshold

withSuccessThreshold(successThreshold)

"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1."

fn container.readinessProbe.withTerminationGracePeriodSeconds

withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)

"Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset."

fn container.readinessProbe.withTimeoutSeconds

withTimeoutSeconds(timeoutSeconds)

"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

obj container.readinessProbe.exec

"ExecAction describes a \"run in container\" action."

fn container.readinessProbe.exec.withCommand

withCommand(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

fn container.readinessProbe.exec.withCommandMixin

withCommandMixin(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

Note: This function appends passed data to existing values

obj container.readinessProbe.grpc

fn container.readinessProbe.grpc.withPort

withPort(port)

"Port number of the gRPC service. Number must be in the range 1 to 65535."

fn container.readinessProbe.grpc.withService

withService(service)

"Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."

obj container.readinessProbe.httpGet

"HTTPGetAction describes an action based on HTTP Get requests."

fn container.readinessProbe.httpGet.withHost

withHost(host)

"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead."

fn container.readinessProbe.httpGet.withHttpHeaders

withHttpHeaders(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

fn container.readinessProbe.httpGet.withHttpHeadersMixin

withHttpHeadersMixin(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

Note: This function appends passed data to existing values

fn container.readinessProbe.httpGet.withPath

withPath(path)

"Path to access on the HTTP server."

fn container.readinessProbe.httpGet.withPort

withPort(port)

fn container.readinessProbe.httpGet.withScheme

withScheme(scheme)

"Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - \"HTTP\" means that the scheme used will be http://\n - \"HTTPS\" means that the scheme used will be https://"

obj container.readinessProbe.tcpSocket

"TCPSocketAction describes an action based on opening a socket"

fn container.readinessProbe.tcpSocket.withHost

withHost(host)

"Optional: Host name to connect to, defaults to the pod IP."

fn container.readinessProbe.tcpSocket.withPort

withPort(port)

obj container.resources

"ResourceRequirements describes the compute resource requirements."

fn container.resources.withLimits

withLimits(limits)

"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"

fn container.resources.withLimitsMixin

withLimitsMixin(limits)

"Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"

Note: This function appends passed data to existing values

fn container.resources.withRequests

withRequests(requests)

"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"

fn container.resources.withRequestsMixin

withRequestsMixin(requests)

"Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"

Note: This function appends passed data to existing values

obj container.securityContext

"SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence."

fn container.securityContext.withAllowPrivilegeEscalation

withAllowPrivilegeEscalation(allowPrivilegeEscalation)

"AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows."

fn container.securityContext.withPrivileged

withPrivileged(privileged)

"Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows."

fn container.securityContext.withProcMount

withProcMount(procMount)

"procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows."

fn container.securityContext.withReadOnlyRootFilesystem

withReadOnlyRootFilesystem(readOnlyRootFilesystem)

"Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows."

fn container.securityContext.withRunAsGroup

withRunAsGroup(runAsGroup)

"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows."

fn container.securityContext.withRunAsNonRoot

withRunAsNonRoot(runAsNonRoot)

"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."

fn container.securityContext.withRunAsUser

withRunAsUser(runAsUser)

"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows."

obj container.securityContext.capabilities

"Adds and removes POSIX capabilities from running containers."

fn container.securityContext.capabilities.withAdd

withAdd(add)

"Added capabilities"

fn container.securityContext.capabilities.withAddMixin

withAddMixin(add)

"Added capabilities"

Note: This function appends passed data to existing values

fn container.securityContext.capabilities.withDrop

withDrop(drop)

"Removed capabilities"

fn container.securityContext.capabilities.withDropMixin

withDropMixin(drop)

"Removed capabilities"

Note: This function appends passed data to existing values

obj container.securityContext.seLinuxOptions

"SELinuxOptions are the labels to be applied to the container"

fn container.securityContext.seLinuxOptions.withLevel

withLevel(level)

"Level is SELinux level label that applies to the container."

fn container.securityContext.seLinuxOptions.withRole

withRole(role)

"Role is a SELinux role label that applies to the container."

fn container.securityContext.seLinuxOptions.withType

withType(type)

"Type is a SELinux type label that applies to the container."

fn container.securityContext.seLinuxOptions.withUser

withUser(user)

"User is a SELinux user label that applies to the container."

obj container.securityContext.seccompProfile

"SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set."

fn container.securityContext.seccompProfile.withLocalhostProfile

withLocalhostProfile(localhostProfile)

"localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"."

fn container.securityContext.seccompProfile.withType

withType(type)

"type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - \"Localhost\" indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - \"RuntimeDefault\" represents the default container runtime seccomp profile.\n - \"Unconfined\" indicates no seccomp profile is applied (A.K.A. unconfined)."

obj container.securityContext.windowsOptions

"WindowsSecurityContextOptions contain Windows-specific options and credentials."

fn container.securityContext.windowsOptions.withGmsaCredentialSpec

withGmsaCredentialSpec(gmsaCredentialSpec)

"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field."

fn container.securityContext.windowsOptions.withGmsaCredentialSpecName

withGmsaCredentialSpecName(gmsaCredentialSpecName)

"GMSACredentialSpecName is the name of the GMSA credential spec to use."

fn container.securityContext.windowsOptions.withHostProcess

withHostProcess(hostProcess)

"HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true."

fn container.securityContext.windowsOptions.withRunAsUserName

withRunAsUserName(runAsUserName)

"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."

obj container.startupProbe

"Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic."

fn container.startupProbe.withFailureThreshold

withFailureThreshold(failureThreshold)

"Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1."

fn container.startupProbe.withInitialDelaySeconds

withInitialDelaySeconds(initialDelaySeconds)

"Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

fn container.startupProbe.withPeriodSeconds

withPeriodSeconds(periodSeconds)

"How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1."

fn container.startupProbe.withSuccessThreshold

withSuccessThreshold(successThreshold)

"Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1."

fn container.startupProbe.withTerminationGracePeriodSeconds

withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)

"Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset."

fn container.startupProbe.withTimeoutSeconds

withTimeoutSeconds(timeoutSeconds)

"Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"

obj container.startupProbe.exec

"ExecAction describes a \"run in container\" action."

fn container.startupProbe.exec.withCommand

withCommand(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

fn container.startupProbe.exec.withCommandMixin

withCommandMixin(command)

"Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy."

Note: This function appends passed data to existing values

obj container.startupProbe.grpc

fn container.startupProbe.grpc.withPort

withPort(port)

"Port number of the gRPC service. Number must be in the range 1 to 65535."

fn container.startupProbe.grpc.withService

withService(service)

"Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC."

obj container.startupProbe.httpGet

"HTTPGetAction describes an action based on HTTP Get requests."

fn container.startupProbe.httpGet.withHost

withHost(host)

"Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead."

fn container.startupProbe.httpGet.withHttpHeaders

withHttpHeaders(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

fn container.startupProbe.httpGet.withHttpHeadersMixin

withHttpHeadersMixin(httpHeaders)

"Custom headers to set in the request. HTTP allows repeated headers."

Note: This function appends passed data to existing values

fn container.startupProbe.httpGet.withPath

withPath(path)

"Path to access on the HTTP server."

fn container.startupProbe.httpGet.withPort

withPort(port)

fn container.startupProbe.httpGet.withScheme

withScheme(scheme)

"Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - \"HTTP\" means that the scheme used will be http://\n - \"HTTPS\" means that the scheme used will be https://"

obj container.startupProbe.tcpSocket

"TCPSocketAction describes an action based on opening a socket"

fn container.startupProbe.tcpSocket.withHost

withHost(host)

"Optional: Host name to connect to, defaults to the pod IP."

fn container.startupProbe.tcpSocket.withPort

withPort(port)

obj metadata

fn metadata.withAnnotations

withAnnotations(annotations)

fn metadata.withAnnotationsMixin

withAnnotationsMixin(annotations)

Note: This function appends passed data to existing values

fn metadata.withLabels

withLabels(labels)

fn metadata.withLabelsMixin

withLabelsMixin(labels)

Note: This function appends passed data to existing values

obj securityContext

"PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext."

fn securityContext.withFsGroup

withFsGroup(fsGroup)

"A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withFsGroupChangePolicy

withFsGroupChangePolicy(fsGroupChangePolicy)

"fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withRunAsGroup

withRunAsGroup(runAsGroup)

"The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withRunAsNonRoot

withRunAsNonRoot(runAsNonRoot)

"Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."

fn securityContext.withRunAsUser

withRunAsUser(runAsUser)

"The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withSupplementalGroups

withSupplementalGroups(supplementalGroups)

"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withSupplementalGroupsMixin

withSupplementalGroupsMixin(supplementalGroups)

"A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. Note that this field cannot be set when spec.os.name is windows."

Note: This function appends passed data to existing values

fn securityContext.withSysctls

withSysctls(sysctls)

"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows."

fn securityContext.withSysctlsMixin

withSysctlsMixin(sysctls)

"Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows."

Note: This function appends passed data to existing values

obj securityContext.seLinuxOptions

"SELinuxOptions are the labels to be applied to the container"

fn securityContext.seLinuxOptions.withLevel

withLevel(level)

"Level is SELinux level label that applies to the container."

fn securityContext.seLinuxOptions.withRole

withRole(role)

"Role is a SELinux role label that applies to the container."

fn securityContext.seLinuxOptions.withType

withType(type)

"Type is a SELinux type label that applies to the container."

fn securityContext.seLinuxOptions.withUser

withUser(user)

"User is a SELinux user label that applies to the container."

obj securityContext.seccompProfile

"SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set."

fn securityContext.seccompProfile.withLocalhostProfile

withLocalhostProfile(localhostProfile)

"localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is \"Localhost\"."

fn securityContext.seccompProfile.withType

withType(type)

"type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - \"Localhost\" indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - \"RuntimeDefault\" represents the default container runtime seccomp profile.\n - \"Unconfined\" indicates no seccomp profile is applied (A.K.A. unconfined)."

obj securityContext.windowsOptions

"WindowsSecurityContextOptions contain Windows-specific options and credentials."

fn securityContext.windowsOptions.withGmsaCredentialSpec

withGmsaCredentialSpec(gmsaCredentialSpec)

"GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field."

fn securityContext.windowsOptions.withGmsaCredentialSpecName

withGmsaCredentialSpecName(gmsaCredentialSpecName)

"GMSACredentialSpecName is the name of the GMSA credential spec to use."

fn securityContext.windowsOptions.withHostProcess

withHostProcess(hostProcess)

"HostProcess determines if a container should be run as a 'Host Process' container. This field is alpha-level and will only be honored by components that enable the WindowsHostProcessContainers feature flag. Setting this field without the feature flag will result in errors when validating the Pod. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true."

fn securityContext.windowsOptions.withRunAsUserName

withRunAsUserName(runAsUserName)

"The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence."