cloudsql.v1.authProxyWorkload
"AuthProxyWorkload declares how a Cloud SQL Proxy container should be applied\nto a matching set of workloads, and shows the status of those proxy containers."
Index
fn new(name)obj metadatafn withAnnotations(annotations)fn withAnnotationsMixin(annotations)fn withClusterName(clusterName)fn withCreationTimestamp(creationTimestamp)fn withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)fn withDeletionTimestamp(deletionTimestamp)fn withFinalizers(finalizers)fn withFinalizersMixin(finalizers)fn withGenerateName(generateName)fn withGeneration(generation)fn withLabels(labels)fn withLabelsMixin(labels)fn withName(name)fn withNamespace(namespace)fn withOwnerReferences(ownerReferences)fn withOwnerReferencesMixin(ownerReferences)fn withResourceVersion(resourceVersion)fn withSelfLink(selfLink)fn withUid(uid)
obj specfn withInstances(instances)fn withInstancesMixin(instances)obj spec.authProxyContainerfn withImage(image)fn withMaxConnections(maxConnections)fn withMaxSigtermDelay(maxSigtermDelay)fn withQuiet(quiet)fn withRolloutStrategy(rolloutStrategy)fn withSqlAdminAPIEndpoint(sqlAdminAPIEndpoint)obj spec.authProxyContainer.adminServerobj spec.authProxyContainer.authenticationobj spec.authProxyContainer.containerfn withArgs(args)fn withArgsMixin(args)fn withCommand(command)fn withCommandMixin(command)fn withEnv(env)fn withEnvFrom(envFrom)fn withEnvFromMixin(envFrom)fn withEnvMixin(env)fn withImage(image)fn withImagePullPolicy(imagePullPolicy)fn withName(name)fn withPorts(ports)fn withPortsMixin(ports)fn withResizePolicy(resizePolicy)fn withResizePolicyMixin(resizePolicy)fn withRestartPolicy(restartPolicy)fn withStdin(stdin)fn withStdinOnce(stdinOnce)fn withTerminationMessagePath(terminationMessagePath)fn withTerminationMessagePolicy(terminationMessagePolicy)fn withTty(tty)fn withVolumeDevices(volumeDevices)fn withVolumeDevicesMixin(volumeDevices)fn withVolumeMounts(volumeMounts)fn withVolumeMountsMixin(volumeMounts)fn withWorkingDir(workingDir)obj spec.authProxyContainer.container.envfn withName(name)fn withValue(value)obj spec.authProxyContainer.container.env.valueFrom
obj spec.authProxyContainer.container.envFromobj spec.authProxyContainer.container.lifecycleobj spec.authProxyContainer.container.lifecycle.postStartobj spec.authProxyContainer.container.lifecycle.preStop
obj spec.authProxyContainer.container.livenessProbefn withFailureThreshold(failureThreshold)fn withInitialDelaySeconds(initialDelaySeconds)fn withPeriodSeconds(periodSeconds)fn withSuccessThreshold(successThreshold)fn withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)fn withTimeoutSeconds(timeoutSeconds)obj spec.authProxyContainer.container.livenessProbe.execobj spec.authProxyContainer.container.livenessProbe.grpcobj spec.authProxyContainer.container.livenessProbe.httpGetobj spec.authProxyContainer.container.livenessProbe.tcpSocket
obj spec.authProxyContainer.container.portsobj spec.authProxyContainer.container.readinessProbefn withFailureThreshold(failureThreshold)fn withInitialDelaySeconds(initialDelaySeconds)fn withPeriodSeconds(periodSeconds)fn withSuccessThreshold(successThreshold)fn withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)fn withTimeoutSeconds(timeoutSeconds)obj spec.authProxyContainer.container.readinessProbe.execobj spec.authProxyContainer.container.readinessProbe.grpcobj spec.authProxyContainer.container.readinessProbe.httpGetobj spec.authProxyContainer.container.readinessProbe.tcpSocket
obj spec.authProxyContainer.container.resizePolicyobj spec.authProxyContainer.container.resourcesobj spec.authProxyContainer.container.securityContextfn withAllowPrivilegeEscalation(allowPrivilegeEscalation)fn withPrivileged(privileged)fn withProcMount(procMount)fn withReadOnlyRootFilesystem(readOnlyRootFilesystem)fn withRunAsGroup(runAsGroup)fn withRunAsNonRoot(runAsNonRoot)fn withRunAsUser(runAsUser)obj spec.authProxyContainer.container.securityContext.capabilitiesobj spec.authProxyContainer.container.securityContext.seLinuxOptionsobj spec.authProxyContainer.container.securityContext.seccompProfileobj spec.authProxyContainer.container.securityContext.windowsOptions
obj spec.authProxyContainer.container.startupProbefn withFailureThreshold(failureThreshold)fn withInitialDelaySeconds(initialDelaySeconds)fn withPeriodSeconds(periodSeconds)fn withSuccessThreshold(successThreshold)fn withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)fn withTimeoutSeconds(timeoutSeconds)obj spec.authProxyContainer.container.startupProbe.execobj spec.authProxyContainer.container.startupProbe.grpcobj spec.authProxyContainer.container.startupProbe.httpGetobj spec.authProxyContainer.container.startupProbe.tcpSocket
obj spec.authProxyContainer.container.volumeDevicesobj spec.authProxyContainer.container.volumeMounts
obj spec.authProxyContainer.resourcesobj spec.authProxyContainer.telemetryfn withDisableMetrics(disableMetrics)fn withDisableTraces(disableTraces)fn withHttpPort(httpPort)fn withPrometheus(prometheus)fn withPrometheusNamespace(prometheusNamespace)fn withQuotaProject(quotaProject)fn withTelemetryPrefix(telemetryPrefix)fn withTelemetryProject(telemetryProject)fn withTelemetrySampleRate(telemetrySampleRate)
obj spec.instancesobj spec.workloadSelector
Fields
fn new
new(name)
new returns an instance of AuthProxyWorkload
obj metadata
"ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create."
fn metadata.withAnnotations
withAnnotations(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
fn metadata.withAnnotationsMixin
withAnnotationsMixin(annotations)
"Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations"
Note: This function appends passed data to existing values
fn metadata.withClusterName
withClusterName(clusterName)
"The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request."
fn metadata.withCreationTimestamp
withCreationTimestamp(creationTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withDeletionGracePeriodSeconds
withDeletionGracePeriodSeconds(deletionGracePeriodSeconds)
"Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only."
fn metadata.withDeletionTimestamp
withDeletionTimestamp(deletionTimestamp)
"Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers."
fn metadata.withFinalizers
withFinalizers(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
fn metadata.withFinalizersMixin
withFinalizersMixin(finalizers)
"Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list."
Note: This function appends passed data to existing values
fn metadata.withGenerateName
withGenerateName(generateName)
"GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency"
fn metadata.withGeneration
withGeneration(generation)
"A sequence number representing a specific generation of the desired state. Populated by the system. Read-only."
fn metadata.withLabels
withLabels(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
fn metadata.withLabelsMixin
withLabelsMixin(labels)
"Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels"
Note: This function appends passed data to existing values
fn metadata.withName
withName(name)
"Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names"
fn metadata.withNamespace
withNamespace(namespace)
"Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces"
fn metadata.withOwnerReferences
withOwnerReferences(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
fn metadata.withOwnerReferencesMixin
withOwnerReferencesMixin(ownerReferences)
"List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller."
Note: This function appends passed data to existing values
fn metadata.withResourceVersion
withResourceVersion(resourceVersion)
"An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency"
fn metadata.withSelfLink
withSelfLink(selfLink)
"SelfLink is a URL representing this object. Populated by the system. Read-only.\n\nDEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release."
fn metadata.withUid
withUid(uid)
"UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids"
obj spec
"AuthProxyWorkloadSpec describes where and how to configure the proxy."
fn spec.withInstances
withInstances(instances)
"Instances describes the Cloud SQL instances to configure on the proxy container."
fn spec.withInstancesMixin
withInstancesMixin(instances)
"Instances describes the Cloud SQL instances to configure on the proxy container."
Note: This function appends passed data to existing values
obj spec.authProxyContainer
"AuthProxyContainer describes the resources and config for the Auth Proxy container."
fn spec.authProxyContainer.withImage
withImage(image)
"Image is the URL to the proxy image. Optional, by default the operator\nwill use the latest Cloud SQL Auth Proxy version as of the release of the\noperator.\n\n\nThe operator ensures that all workloads configured with the default proxy\nimage are upgraded automatically to use to the latest released proxy image.\n\n\nWhen the customer upgrades the operator, the operator upgrades all\nworkloads using the default proxy image to the latest proxy image. The\nchange to the proxy container image is applied in accordance with\nthe RolloutStrategy."
fn spec.authProxyContainer.withMaxConnections
withMaxConnections(maxConnections)
"MaxConnections limits the number of connections. Default value is no limit.\nThis sets the proxy container's CLI argument --max-connections"
fn spec.authProxyContainer.withMaxSigtermDelay
withMaxSigtermDelay(maxSigtermDelay)
"MaxSigtermDelay is the maximum number of seconds to wait for connections to\nclose after receiving a TERM signal. This sets the proxy container's\nCLI argument --max-sigterm-delay and\nconfigures terminationGracePeriodSeconds on the workload's PodSpec."
fn spec.authProxyContainer.withQuiet
withQuiet(quiet)
"Quiet configures the proxy's --quiet flag to limit the amount of\nlogging generated by the proxy container."
fn spec.authProxyContainer.withRolloutStrategy
withRolloutStrategy(rolloutStrategy)
"RolloutStrategy indicates the strategy to use when rolling out changes to\nthe workloads affected by the results. When this is set to\nWorkload, changes to this resource will be automatically applied\nto a running Deployment, StatefulSet, DaemonSet, or ReplicaSet in\naccordance with the Strategy set on that workload. When this is set to\nNone, the operator will take no action to roll out changes to affected\nworkloads. Workload will be used by default if no value is set.\nSee: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy"
fn spec.authProxyContainer.withSqlAdminAPIEndpoint
withSqlAdminAPIEndpoint(sqlAdminAPIEndpoint)
"SQLAdminAPIEndpoint is a debugging parameter that when specified will\nchange the Google Cloud api endpoint used by the proxy."
obj spec.authProxyContainer.adminServer
"AdminServer specifies the config for the proxy's admin service which is\navailable to other containers in the same pod."
fn spec.authProxyContainer.adminServer.withEnableAPIs
withEnableAPIs(enableAPIs)
"EnableAPIs specifies the list of admin APIs to enable. At least one\nAPI must be enabled. Possible values:\n- \"Debug\" will enable pprof debugging by setting the --debug cli flag.\n- \"QuitQuitQuit\" will enable pprof debugging by setting the --quitquitquit\n cli flag."
fn spec.authProxyContainer.adminServer.withEnableAPIsMixin
withEnableAPIsMixin(enableAPIs)
"EnableAPIs specifies the list of admin APIs to enable. At least one\nAPI must be enabled. Possible values:\n- \"Debug\" will enable pprof debugging by setting the --debug cli flag.\n- \"QuitQuitQuit\" will enable pprof debugging by setting the --quitquitquit\n cli flag."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.adminServer.withPort
withPort(port)
"Port the port for the proxy's localhost-only admin server.\nThis sets the proxy container's CLI argument --admin-port"
obj spec.authProxyContainer.authentication
"Authentication specifies the config for how the proxy authenticates itself\nto the Google Cloud API."
fn spec.authProxyContainer.authentication.withImpersonationChain
withImpersonationChain(impersonationChain)
"ImpersonationChain is a list of one or more service\naccounts. The first entry in the chain is the impersonation target. Any\nadditional service accounts after the target are delegates. The\nroles/iam.serviceAccountTokenCreator must be configured for each account\nthat will be impersonated. This sets the --impersonate-service-account\nflag on the proxy."
fn spec.authProxyContainer.authentication.withImpersonationChainMixin
withImpersonationChainMixin(impersonationChain)
"ImpersonationChain is a list of one or more service\naccounts. The first entry in the chain is the impersonation target. Any\nadditional service accounts after the target are delegates. The\nroles/iam.serviceAccountTokenCreator must be configured for each account\nthat will be impersonated. This sets the --impersonate-service-account\nflag on the proxy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container
"Container is debugging parameter that when specified will override the\nproxy container with a completely custom Container spec."
fn spec.authProxyContainer.container.withArgs
withArgs(args)
"Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
fn spec.authProxyContainer.container.withArgsMixin
withArgsMixin(args)
"Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withCommand
withCommand(command)
"Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
fn spec.authProxyContainer.container.withCommandMixin
withCommandMixin(command)
"Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell"
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withEnv
withEnv(env)
"List of environment variables to set in the container.\nCannot be updated."
fn spec.authProxyContainer.container.withEnvFrom
withEnvFrom(envFrom)
"List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated."
fn spec.authProxyContainer.container.withEnvFromMixin
withEnvFromMixin(envFrom)
"List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withEnvMixin
withEnvMixin(env)
"List of environment variables to set in the container.\nCannot be updated."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withImage
withImage(image)
"Container image name.\nMore info: https://kubernetes.io/docs/concepts/containers/images\nThis field is optional to allow higher level config management to default or override\ncontainer images in workload controllers like Deployments and StatefulSets."
fn spec.authProxyContainer.container.withImagePullPolicy
withImagePullPolicy(imagePullPolicy)
"Image pull policy.\nOne of Always, Never, IfNotPresent.\nDefaults to Always if :latest tag is specified, or IfNotPresent otherwise.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/containers/images#updating-images"
fn spec.authProxyContainer.container.withName
withName(name)
"Name of the container specified as a DNS_LABEL.\nEach container in a pod must have a unique name (DNS_LABEL).\nCannot be updated."
fn spec.authProxyContainer.container.withPorts
withPorts(ports)
"List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated."
fn spec.authProxyContainer.container.withPortsMixin
withPortsMixin(ports)
"List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withResizePolicy
withResizePolicy(resizePolicy)
"Resources resize policy for the container."
fn spec.authProxyContainer.container.withResizePolicyMixin
withResizePolicyMixin(resizePolicy)
"Resources resize policy for the container."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withRestartPolicy
withRestartPolicy(restartPolicy)
"RestartPolicy defines the restart behavior of individual containers in a pod.\nThis field may only be set for init containers, and the only allowed value is \"Always\".\nFor non-init containers or when this field is not specified,\nthe restart behavior is defined by the Pod's restart policy and the container type.\nSetting the RestartPolicy as \"Always\" for the init container will have the following effect:\nthis init container will be continually restarted on\nexit until all regular containers have terminated. Once all regular\ncontainers have completed, all init containers with restartPolicy \"Always\"\nwill be shut down. This lifecycle differs from normal init containers and\nis often referred to as a \"sidecar\" container. Although this init\ncontainer still starts in the init container sequence, it does not wait\nfor the container to complete before proceeding to the next init\ncontainer. Instead, the next init container starts immediately after this\ninit container is started, or after any startupProbe has successfully\ncompleted."
fn spec.authProxyContainer.container.withStdin
withStdin(stdin)
"Whether this container should allocate a buffer for stdin in the container runtime. If this\nis not set, reads from stdin in the container will always result in EOF.\nDefault is false."
fn spec.authProxyContainer.container.withStdinOnce
withStdinOnce(stdinOnce)
"Whether the container runtime should close the stdin channel after it has been opened by\na single attach. When stdin is true the stdin stream will remain open across multiple attach\nsessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the\nfirst client attaches to stdin, and then remains open and accepts data until the client disconnects,\nat which time stdin is closed and remains closed until the container is restarted. If this\nflag is false, a container processes that reads from stdin will never receive an EOF.\nDefault is false"
fn spec.authProxyContainer.container.withTerminationMessagePath
withTerminationMessagePath(terminationMessagePath)
"Optional: Path at which the file to which the container's termination message\nwill be written is mounted into the container's filesystem.\nMessage written is intended to be brief final status, such as an assertion failure message.\nWill be truncated by the node if greater than 4096 bytes. The total message length across\nall containers will be limited to 12kb.\nDefaults to /dev/termination-log.\nCannot be updated."
fn spec.authProxyContainer.container.withTerminationMessagePolicy
withTerminationMessagePolicy(terminationMessagePolicy)
"Indicate how the termination message should be populated. File will use the contents of\nterminationMessagePath to populate the container status message on both success and failure.\nFallbackToLogsOnError will use the last chunk of container log output if the termination\nmessage file is empty and the container exited with an error.\nThe log output is limited to 2048 bytes or 80 lines, whichever is smaller.\nDefaults to File.\nCannot be updated."
fn spec.authProxyContainer.container.withTty
withTty(tty)
"Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.\nDefault is false."
fn spec.authProxyContainer.container.withVolumeDevices
withVolumeDevices(volumeDevices)
"volumeDevices is the list of block devices to be used by the container."
fn spec.authProxyContainer.container.withVolumeDevicesMixin
withVolumeDevicesMixin(volumeDevices)
"volumeDevices is the list of block devices to be used by the container."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withVolumeMounts
withVolumeMounts(volumeMounts)
"Pod volumes to mount into the container's filesystem.\nCannot be updated."
fn spec.authProxyContainer.container.withVolumeMountsMixin
withVolumeMountsMixin(volumeMounts)
"Pod volumes to mount into the container's filesystem.\nCannot be updated."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.withWorkingDir
withWorkingDir(workingDir)
"Container's working directory.\nIf not specified, the container runtime's default will be used, which\nmight be configured in the container image.\nCannot be updated."
obj spec.authProxyContainer.container.env
"List of environment variables to set in the container.\nCannot be updated."
fn spec.authProxyContainer.container.env.withName
withName(name)
"Name of the environment variable. Must be a C_IDENTIFIER."
fn spec.authProxyContainer.container.env.withValue
withValue(value)
"Variable references $(VAR_NAME) are expanded\nusing the previously defined environment variables in the container and\nany service environment variables. If a variable cannot be resolved,\nthe reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.\n\"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\".\nEscaped references will never be expanded, regardless of whether the variable\nexists or not.\nDefaults to \"\"."
obj spec.authProxyContainer.container.env.valueFrom
"Source for the environment variable's value. Cannot be used if value is not empty."
obj spec.authProxyContainer.container.env.valueFrom.configMapKeyRef
"Selects a key of a ConfigMap."
fn spec.authProxyContainer.container.env.valueFrom.configMapKeyRef.withKey
withKey(key)
"The key to select."
fn spec.authProxyContainer.container.env.valueFrom.configMapKeyRef.withName
withName(name)
"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.authProxyContainer.container.env.valueFrom.configMapKeyRef.withOptional
withOptional(optional)
"Specify whether the ConfigMap or its key must be defined"
obj spec.authProxyContainer.container.env.valueFrom.fieldRef
"Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'],\nspec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs."
fn spec.authProxyContainer.container.env.valueFrom.fieldRef.withApiVersion
withApiVersion(apiVersion)
"Version of the schema the FieldPath is written in terms of, defaults to \"v1\"."
fn spec.authProxyContainer.container.env.valueFrom.fieldRef.withFieldPath
withFieldPath(fieldPath)
"Path of the field to select in the specified API version."
obj spec.authProxyContainer.container.env.valueFrom.resourceFieldRef
"Selects a resource of the container: only resources limits and requests\n(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported."
fn spec.authProxyContainer.container.env.valueFrom.resourceFieldRef.withContainerName
withContainerName(containerName)
"Container name: required for volumes, optional for env vars"
fn spec.authProxyContainer.container.env.valueFrom.resourceFieldRef.withDivisor
withDivisor(divisor)
"Specifies the output format of the exposed resources, defaults to \"1\
fn spec.authProxyContainer.container.env.valueFrom.resourceFieldRef.withResource
withResource(resource)
"Required: resource to select"
obj spec.authProxyContainer.container.env.valueFrom.secretKeyRef
"Selects a key of a secret in the pod's namespace"
fn spec.authProxyContainer.container.env.valueFrom.secretKeyRef.withKey
withKey(key)
"The key of the secret to select from. Must be a valid secret key."
fn spec.authProxyContainer.container.env.valueFrom.secretKeyRef.withName
withName(name)
"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.authProxyContainer.container.env.valueFrom.secretKeyRef.withOptional
withOptional(optional)
"Specify whether the Secret or its key must be defined"
obj spec.authProxyContainer.container.envFrom
"List of sources to populate environment variables in the container.\nThe keys defined within a source must be a C_IDENTIFIER. All invalid keys\nwill be reported as an event when the container is starting. When a key exists in multiple\nsources, the value associated with the last source will take precedence.\nValues defined by an Env with a duplicate key will take precedence.\nCannot be updated."
fn spec.authProxyContainer.container.envFrom.withPrefix
withPrefix(prefix)
"An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER."
obj spec.authProxyContainer.container.envFrom.configMapRef
"The ConfigMap to select from"
fn spec.authProxyContainer.container.envFrom.configMapRef.withName
withName(name)
"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.authProxyContainer.container.envFrom.configMapRef.withOptional
withOptional(optional)
"Specify whether the ConfigMap must be defined"
obj spec.authProxyContainer.container.envFrom.secretRef
"The Secret to select from"
fn spec.authProxyContainer.container.envFrom.secretRef.withName
withName(name)
"Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\nTODO: Add other useful fields. apiVersion, kind, uid?"
fn spec.authProxyContainer.container.envFrom.secretRef.withOptional
withOptional(optional)
"Specify whether the Secret must be defined"
obj spec.authProxyContainer.container.lifecycle
"Actions that the management system should take in response to container lifecycle events.\nCannot be updated."
obj spec.authProxyContainer.container.lifecycle.postStart
"PostStart is called immediately after a container is created. If the handler fails,\nthe container is terminated and restarted according to its restart policy.\nOther management of the container blocks until the hook completes.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
obj spec.authProxyContainer.container.lifecycle.postStart.exec
"Exec specifies the action to take."
fn spec.authProxyContainer.container.lifecycle.postStart.exec.withCommand
withCommand(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
fn spec.authProxyContainer.container.lifecycle.postStart.exec.withCommandMixin
withCommandMixin(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.lifecycle.postStart.httpGet
"HTTPGet specifies the http request to perform."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withHost
withHost(host)
"Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withHttpHeaders
withHttpHeaders(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withHttpHeadersMixin
withHttpHeadersMixin(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withPath
withPath(path)
"Path to access on the HTTP server."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withPort
withPort(port)
"Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.withScheme
withScheme(scheme)
"Scheme to use for connecting to the host.\nDefaults to HTTP."
obj spec.authProxyContainer.container.lifecycle.postStart.httpGet.httpHeaders
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.httpHeaders.withName
withName(name)
"The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header."
fn spec.authProxyContainer.container.lifecycle.postStart.httpGet.httpHeaders.withValue
withValue(value)
"The header field value"
obj spec.authProxyContainer.container.lifecycle.postStart.sleep
"Sleep represents the duration that the container should sleep before being terminated."
fn spec.authProxyContainer.container.lifecycle.postStart.sleep.withSeconds
withSeconds(seconds)
"Seconds is the number of seconds to sleep."
obj spec.authProxyContainer.container.lifecycle.postStart.tcpSocket
"Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified."
fn spec.authProxyContainer.container.lifecycle.postStart.tcpSocket.withHost
withHost(host)
"Optional: Host name to connect to, defaults to the pod IP."
fn spec.authProxyContainer.container.lifecycle.postStart.tcpSocket.withPort
withPort(port)
"Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
obj spec.authProxyContainer.container.lifecycle.preStop
"PreStop is called immediately before a container is terminated due to an\nAPI request or management event such as liveness/startup probe failure,\npreemption, resource contention, etc. The handler is not called if the\ncontainer crashes or exits. The Pod's termination grace period countdown begins before the\nPreStop hook is executed. Regardless of the outcome of the handler, the\ncontainer will eventually terminate within the Pod's termination grace\nperiod (unless delayed by finalizers). Other management of the container blocks until the hook completes\nor until the termination grace period is reached.\nMore info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks"
obj spec.authProxyContainer.container.lifecycle.preStop.exec
"Exec specifies the action to take."
fn spec.authProxyContainer.container.lifecycle.preStop.exec.withCommand
withCommand(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
fn spec.authProxyContainer.container.lifecycle.preStop.exec.withCommandMixin
withCommandMixin(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.lifecycle.preStop.httpGet
"HTTPGet specifies the http request to perform."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withHost
withHost(host)
"Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withHttpHeaders
withHttpHeaders(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withHttpHeadersMixin
withHttpHeadersMixin(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withPath
withPath(path)
"Path to access on the HTTP server."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withPort
withPort(port)
"Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.withScheme
withScheme(scheme)
"Scheme to use for connecting to the host.\nDefaults to HTTP."
obj spec.authProxyContainer.container.lifecycle.preStop.httpGet.httpHeaders
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.httpHeaders.withName
withName(name)
"The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header."
fn spec.authProxyContainer.container.lifecycle.preStop.httpGet.httpHeaders.withValue
withValue(value)
"The header field value"
obj spec.authProxyContainer.container.lifecycle.preStop.sleep
"Sleep represents the duration that the container should sleep before being terminated."
fn spec.authProxyContainer.container.lifecycle.preStop.sleep.withSeconds
withSeconds(seconds)
"Seconds is the number of seconds to sleep."
obj spec.authProxyContainer.container.lifecycle.preStop.tcpSocket
"Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept\nfor the backward compatibility. There are no validation of this field and\nlifecycle hooks will fail in runtime when tcp handler is specified."
fn spec.authProxyContainer.container.lifecycle.preStop.tcpSocket.withHost
withHost(host)
"Optional: Host name to connect to, defaults to the pod IP."
fn spec.authProxyContainer.container.lifecycle.preStop.tcpSocket.withPort
withPort(port)
"Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
obj spec.authProxyContainer.container.livenessProbe
"Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.livenessProbe.withFailureThreshold
withFailureThreshold(failureThreshold)
"Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1."
fn spec.authProxyContainer.container.livenessProbe.withInitialDelaySeconds
withInitialDelaySeconds(initialDelaySeconds)
"Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.livenessProbe.withPeriodSeconds
withPeriodSeconds(periodSeconds)
"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1."
fn spec.authProxyContainer.container.livenessProbe.withSuccessThreshold
withSuccessThreshold(successThreshold)
"Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1."
fn spec.authProxyContainer.container.livenessProbe.withTerminationGracePeriodSeconds
withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)
"Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset."
fn spec.authProxyContainer.container.livenessProbe.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
obj spec.authProxyContainer.container.livenessProbe.exec
"Exec specifies the action to take."
fn spec.authProxyContainer.container.livenessProbe.exec.withCommand
withCommand(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
fn spec.authProxyContainer.container.livenessProbe.exec.withCommandMixin
withCommandMixin(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.livenessProbe.grpc
"GRPC specifies an action involving a GRPC port."
fn spec.authProxyContainer.container.livenessProbe.grpc.withPort
withPort(port)
"Port number of the gRPC service. Number must be in the range 1 to 65535."
fn spec.authProxyContainer.container.livenessProbe.grpc.withService
withService(service)
"Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
obj spec.authProxyContainer.container.livenessProbe.httpGet
"HTTPGet specifies the http request to perform."
fn spec.authProxyContainer.container.livenessProbe.httpGet.withHost
withHost(host)
"Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead."
fn spec.authProxyContainer.container.livenessProbe.httpGet.withHttpHeaders
withHttpHeaders(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.livenessProbe.httpGet.withHttpHeadersMixin
withHttpHeadersMixin(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.livenessProbe.httpGet.withPath
withPath(path)
"Path to access on the HTTP server."
fn spec.authProxyContainer.container.livenessProbe.httpGet.withPort
withPort(port)
"Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
fn spec.authProxyContainer.container.livenessProbe.httpGet.withScheme
withScheme(scheme)
"Scheme to use for connecting to the host.\nDefaults to HTTP."
obj spec.authProxyContainer.container.livenessProbe.httpGet.httpHeaders
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.livenessProbe.httpGet.httpHeaders.withName
withName(name)
"The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header."
fn spec.authProxyContainer.container.livenessProbe.httpGet.httpHeaders.withValue
withValue(value)
"The header field value"
obj spec.authProxyContainer.container.livenessProbe.tcpSocket
"TCPSocket specifies an action involving a TCP port."
fn spec.authProxyContainer.container.livenessProbe.tcpSocket.withHost
withHost(host)
"Optional: Host name to connect to, defaults to the pod IP."
fn spec.authProxyContainer.container.livenessProbe.tcpSocket.withPort
withPort(port)
"Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
obj spec.authProxyContainer.container.ports
"List of ports to expose from the container. Not specifying a port here\nDOES NOT prevent that port from being exposed. Any port which is\nlistening on the default \"0.0.0.0\" address inside a container will be\naccessible from the network.\nModifying this array with strategic merge patch may corrupt the data.\nFor more information See https://github.com/kubernetes/kubernetes/issues/108255.\nCannot be updated."
fn spec.authProxyContainer.container.ports.withContainerPort
withContainerPort(containerPort)
"Number of port to expose on the pod's IP address.\nThis must be a valid port number, 0 < x < 65536."
fn spec.authProxyContainer.container.ports.withHostIP
withHostIP(hostIP)
"What host IP to bind the external port to."
fn spec.authProxyContainer.container.ports.withHostPort
withHostPort(hostPort)
"Number of port to expose on the host.\nIf specified, this must be a valid port number, 0 < x < 65536.\nIf HostNetwork is specified, this must match ContainerPort.\nMost containers do not need this."
fn spec.authProxyContainer.container.ports.withName
withName(name)
"If specified, this must be an IANA_SVC_NAME and unique within the pod. Each\nnamed port in a pod must have a unique name. Name for the port that can be\nreferred to by services."
fn spec.authProxyContainer.container.ports.withProtocol
withProtocol(protocol)
"Protocol for port. Must be UDP, TCP, or SCTP.\nDefaults to \"TCP\"."
obj spec.authProxyContainer.container.readinessProbe
"Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.readinessProbe.withFailureThreshold
withFailureThreshold(failureThreshold)
"Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1."
fn spec.authProxyContainer.container.readinessProbe.withInitialDelaySeconds
withInitialDelaySeconds(initialDelaySeconds)
"Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.readinessProbe.withPeriodSeconds
withPeriodSeconds(periodSeconds)
"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1."
fn spec.authProxyContainer.container.readinessProbe.withSuccessThreshold
withSuccessThreshold(successThreshold)
"Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1."
fn spec.authProxyContainer.container.readinessProbe.withTerminationGracePeriodSeconds
withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)
"Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset."
fn spec.authProxyContainer.container.readinessProbe.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
obj spec.authProxyContainer.container.readinessProbe.exec
"Exec specifies the action to take."
fn spec.authProxyContainer.container.readinessProbe.exec.withCommand
withCommand(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
fn spec.authProxyContainer.container.readinessProbe.exec.withCommandMixin
withCommandMixin(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.readinessProbe.grpc
"GRPC specifies an action involving a GRPC port."
fn spec.authProxyContainer.container.readinessProbe.grpc.withPort
withPort(port)
"Port number of the gRPC service. Number must be in the range 1 to 65535."
fn spec.authProxyContainer.container.readinessProbe.grpc.withService
withService(service)
"Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
obj spec.authProxyContainer.container.readinessProbe.httpGet
"HTTPGet specifies the http request to perform."
fn spec.authProxyContainer.container.readinessProbe.httpGet.withHost
withHost(host)
"Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead."
fn spec.authProxyContainer.container.readinessProbe.httpGet.withHttpHeaders
withHttpHeaders(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.readinessProbe.httpGet.withHttpHeadersMixin
withHttpHeadersMixin(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.readinessProbe.httpGet.withPath
withPath(path)
"Path to access on the HTTP server."
fn spec.authProxyContainer.container.readinessProbe.httpGet.withPort
withPort(port)
"Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
fn spec.authProxyContainer.container.readinessProbe.httpGet.withScheme
withScheme(scheme)
"Scheme to use for connecting to the host.\nDefaults to HTTP."
obj spec.authProxyContainer.container.readinessProbe.httpGet.httpHeaders
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.readinessProbe.httpGet.httpHeaders.withName
withName(name)
"The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header."
fn spec.authProxyContainer.container.readinessProbe.httpGet.httpHeaders.withValue
withValue(value)
"The header field value"
obj spec.authProxyContainer.container.readinessProbe.tcpSocket
"TCPSocket specifies an action involving a TCP port."
fn spec.authProxyContainer.container.readinessProbe.tcpSocket.withHost
withHost(host)
"Optional: Host name to connect to, defaults to the pod IP."
fn spec.authProxyContainer.container.readinessProbe.tcpSocket.withPort
withPort(port)
"Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
obj spec.authProxyContainer.container.resizePolicy
"Resources resize policy for the container."
fn spec.authProxyContainer.container.resizePolicy.withResourceName
withResourceName(resourceName)
"Name of the resource to which this resource resize policy applies.\nSupported values: cpu, memory."
fn spec.authProxyContainer.container.resizePolicy.withRestartPolicy
withRestartPolicy(restartPolicy)
"Restart policy to apply when specified resource is resized.\nIf not specified, it defaults to NotRequired."
obj spec.authProxyContainer.container.resources
"Compute Resources required by this container.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.authProxyContainer.container.resources.withClaims
withClaims(claims)
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
fn spec.authProxyContainer.container.resources.withClaimsMixin
withClaimsMixin(claims)
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.resources.withLimits
withLimits(limits)
"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.authProxyContainer.container.resources.withLimitsMixin
withLimitsMixin(limits)
"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.resources.withRequests
withRequests(requests)
"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.authProxyContainer.container.resources.withRequestsMixin
withRequestsMixin(requests)
"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.resources.claims
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
fn spec.authProxyContainer.container.resources.claims.withName
withName(name)
"Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container."
obj spec.authProxyContainer.container.securityContext
"SecurityContext defines the security options the container should be run with.\nIf set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/"
fn spec.authProxyContainer.container.securityContext.withAllowPrivilegeEscalation
withAllowPrivilegeEscalation(allowPrivilegeEscalation)
"AllowPrivilegeEscalation controls whether a process can gain more\nprivileges than its parent process. This bool directly controls if\nthe no_new_privs flag will be set on the container process.\nAllowPrivilegeEscalation is true always when the container is:\n1) run as Privileged\n2) has CAP_SYS_ADMIN\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.withPrivileged
withPrivileged(privileged)
"Run container in privileged mode.\nProcesses in privileged containers are essentially equivalent to root on the host.\nDefaults to false.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.withProcMount
withProcMount(procMount)
"procMount denotes the type of proc mount to use for the containers.\nThe default is DefaultProcMount which uses the container runtime defaults for\nreadonly paths and masked paths.\nThis requires the ProcMountType feature flag to be enabled.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.withReadOnlyRootFilesystem
withReadOnlyRootFilesystem(readOnlyRootFilesystem)
"Whether this container has a read-only root filesystem.\nDefault is false.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.withRunAsGroup
withRunAsGroup(runAsGroup)
"The GID to run the entrypoint of the container process.\nUses runtime default if unset.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.withRunAsNonRoot
withRunAsNonRoot(runAsNonRoot)
"Indicates that the container must run as a non-root user.\nIf true, the Kubelet will validate the image at runtime to ensure that it\ndoes not run as UID 0 (root) and fail to start the container if it does.\nIf unset or false, no such validation will be performed.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence."
fn spec.authProxyContainer.container.securityContext.withRunAsUser
withRunAsUser(runAsUser)
"The UID to run the entrypoint of the container process.\nDefaults to user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows."
obj spec.authProxyContainer.container.securityContext.capabilities
"The capabilities to add/drop when running containers.\nDefaults to the default set of capabilities granted by the container runtime.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.capabilities.withAdd
withAdd(add)
"Added capabilities"
fn spec.authProxyContainer.container.securityContext.capabilities.withAddMixin
withAddMixin(add)
"Added capabilities"
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.securityContext.capabilities.withDrop
withDrop(drop)
"Removed capabilities"
fn spec.authProxyContainer.container.securityContext.capabilities.withDropMixin
withDropMixin(drop)
"Removed capabilities"
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.securityContext.seLinuxOptions
"The SELinux context to be applied to the container.\nIf unspecified, the container runtime will allocate a random SELinux context for each\ncontainer. May also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.seLinuxOptions.withLevel
withLevel(level)
"Level is SELinux level label that applies to the container."
fn spec.authProxyContainer.container.securityContext.seLinuxOptions.withRole
withRole(role)
"Role is a SELinux role label that applies to the container."
fn spec.authProxyContainer.container.securityContext.seLinuxOptions.withType
withType(type)
"Type is a SELinux type label that applies to the container."
fn spec.authProxyContainer.container.securityContext.seLinuxOptions.withUser
withUser(user)
"User is a SELinux user label that applies to the container."
obj spec.authProxyContainer.container.securityContext.seccompProfile
"The seccomp options to use by this container. If seccomp options are\nprovided at both the pod & container level, the container options\noverride the pod options.\nNote that this field cannot be set when spec.os.name is windows."
fn spec.authProxyContainer.container.securityContext.seccompProfile.withLocalhostProfile
withLocalhostProfile(localhostProfile)
"localhostProfile indicates a profile defined in a file on the node should be used.\nThe profile must be preconfigured on the node to work.\nMust be a descending path, relative to the kubelet's configured seccomp profile location.\nMust be set if type is \"Localhost\". Must NOT be set for any other type."
fn spec.authProxyContainer.container.securityContext.seccompProfile.withType
withType(type)
"type indicates which kind of seccomp profile will be applied.\nValid options are:\n\n\nLocalhost - a profile defined in a file on the node should be used.\nRuntimeDefault - the container runtime default profile should be used.\nUnconfined - no profile should be applied."
obj spec.authProxyContainer.container.securityContext.windowsOptions
"The Windows specific settings applied to all containers.\nIf unspecified, the options from the PodSecurityContext will be used.\nIf set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.\nNote that this field cannot be set when spec.os.name is linux."
fn spec.authProxyContainer.container.securityContext.windowsOptions.withGmsaCredentialSpec
withGmsaCredentialSpec(gmsaCredentialSpec)
"GMSACredentialSpec is where the GMSA admission webhook\n(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the\nGMSA credential spec named by the GMSACredentialSpecName field."
fn spec.authProxyContainer.container.securityContext.windowsOptions.withGmsaCredentialSpecName
withGmsaCredentialSpecName(gmsaCredentialSpecName)
"GMSACredentialSpecName is the name of the GMSA credential spec to use."
fn spec.authProxyContainer.container.securityContext.windowsOptions.withHostProcess
withHostProcess(hostProcess)
"HostProcess determines if a container should be run as a 'Host Process' container.\nAll of a Pod's containers must have the same effective HostProcess value\n(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).\nIn addition, if HostProcess is true then HostNetwork must also be set to true."
fn spec.authProxyContainer.container.securityContext.windowsOptions.withRunAsUserName
withRunAsUserName(runAsUserName)
"The UserName in Windows to run the entrypoint of the container process.\nDefaults to the user specified in image metadata if unspecified.\nMay also be set in PodSecurityContext. If set in both SecurityContext and\nPodSecurityContext, the value specified in SecurityContext takes precedence."
obj spec.authProxyContainer.container.startupProbe
"StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nThis cannot be updated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.startupProbe.withFailureThreshold
withFailureThreshold(failureThreshold)
"Minimum consecutive failures for the probe to be considered failed after having succeeded.\nDefaults to 3. Minimum value is 1."
fn spec.authProxyContainer.container.startupProbe.withInitialDelaySeconds
withInitialDelaySeconds(initialDelaySeconds)
"Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
fn spec.authProxyContainer.container.startupProbe.withPeriodSeconds
withPeriodSeconds(periodSeconds)
"How often (in seconds) to perform the probe.\nDefault to 10 seconds. Minimum value is 1."
fn spec.authProxyContainer.container.startupProbe.withSuccessThreshold
withSuccessThreshold(successThreshold)
"Minimum consecutive successes for the probe to be considered successful after having failed.\nDefaults to 1. Must be 1 for liveness and startup. Minimum value is 1."
fn spec.authProxyContainer.container.startupProbe.withTerminationGracePeriodSeconds
withTerminationGracePeriodSeconds(terminationGracePeriodSeconds)
"Optional duration in seconds the pod needs to terminate gracefully upon probe failure.\nThe grace period is the duration in seconds after the processes running in the pod are sent\na termination signal and the time when the processes are forcibly halted with a kill signal.\nSet this value longer than the expected cleanup time for your process.\nIf this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this\nvalue overrides the value provided by the pod spec.\nValue must be non-negative integer. The value zero indicates stop immediately via\nthe kill signal (no opportunity to shut down).\nThis is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.\nMinimum value is 1. spec.terminationGracePeriodSeconds is used if unset."
fn spec.authProxyContainer.container.startupProbe.withTimeoutSeconds
withTimeoutSeconds(timeoutSeconds)
"Number of seconds after which the probe times out.\nDefaults to 1 second. Minimum value is 1.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes"
obj spec.authProxyContainer.container.startupProbe.exec
"Exec specifies the action to take."
fn spec.authProxyContainer.container.startupProbe.exec.withCommand
withCommand(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
fn spec.authProxyContainer.container.startupProbe.exec.withCommandMixin
withCommandMixin(command)
"Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy."
Note: This function appends passed data to existing values
obj spec.authProxyContainer.container.startupProbe.grpc
"GRPC specifies an action involving a GRPC port."
fn spec.authProxyContainer.container.startupProbe.grpc.withPort
withPort(port)
"Port number of the gRPC service. Number must be in the range 1 to 65535."
fn spec.authProxyContainer.container.startupProbe.grpc.withService
withService(service)
"Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\n\nIf this is not specified, the default behavior is defined by gRPC."
obj spec.authProxyContainer.container.startupProbe.httpGet
"HTTPGet specifies the http request to perform."
fn spec.authProxyContainer.container.startupProbe.httpGet.withHost
withHost(host)
"Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead."
fn spec.authProxyContainer.container.startupProbe.httpGet.withHttpHeaders
withHttpHeaders(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.startupProbe.httpGet.withHttpHeadersMixin
withHttpHeadersMixin(httpHeaders)
"Custom headers to set in the request. HTTP allows repeated headers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.container.startupProbe.httpGet.withPath
withPath(path)
"Path to access on the HTTP server."
fn spec.authProxyContainer.container.startupProbe.httpGet.withPort
withPort(port)
"Name or number of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
fn spec.authProxyContainer.container.startupProbe.httpGet.withScheme
withScheme(scheme)
"Scheme to use for connecting to the host.\nDefaults to HTTP."
obj spec.authProxyContainer.container.startupProbe.httpGet.httpHeaders
"Custom headers to set in the request. HTTP allows repeated headers."
fn spec.authProxyContainer.container.startupProbe.httpGet.httpHeaders.withName
withName(name)
"The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header."
fn spec.authProxyContainer.container.startupProbe.httpGet.httpHeaders.withValue
withValue(value)
"The header field value"
obj spec.authProxyContainer.container.startupProbe.tcpSocket
"TCPSocket specifies an action involving a TCP port."
fn spec.authProxyContainer.container.startupProbe.tcpSocket.withHost
withHost(host)
"Optional: Host name to connect to, defaults to the pod IP."
fn spec.authProxyContainer.container.startupProbe.tcpSocket.withPort
withPort(port)
"Number or name of the port to access on the container.\nNumber must be in the range 1 to 65535.\nName must be an IANA_SVC_NAME."
obj spec.authProxyContainer.container.volumeDevices
"volumeDevices is the list of block devices to be used by the container."
fn spec.authProxyContainer.container.volumeDevices.withDevicePath
withDevicePath(devicePath)
"devicePath is the path inside of the container that the device will be mapped to."
fn spec.authProxyContainer.container.volumeDevices.withName
withName(name)
"name must match the name of a persistentVolumeClaim in the pod"
obj spec.authProxyContainer.container.volumeMounts
"Pod volumes to mount into the container's filesystem.\nCannot be updated."
fn spec.authProxyContainer.container.volumeMounts.withMountPath
withMountPath(mountPath)
"Path within the container at which the volume should be mounted. Must\nnot contain ':'."
fn spec.authProxyContainer.container.volumeMounts.withMountPropagation
withMountPropagation(mountPropagation)
"mountPropagation determines how mounts are propagated from the host\nto container and the other way around.\nWhen not set, MountPropagationNone is used.\nThis field is beta in 1.10."
fn spec.authProxyContainer.container.volumeMounts.withName
withName(name)
"This must match the Name of a Volume."
fn spec.authProxyContainer.container.volumeMounts.withReadOnly
withReadOnly(readOnly)
"Mounted read-only if true, read-write otherwise (false or unspecified).\nDefaults to false."
fn spec.authProxyContainer.container.volumeMounts.withSubPath
withSubPath(subPath)
"Path within the volume from which the container's volume should be mounted.\nDefaults to \"\" (volume's root)."
fn spec.authProxyContainer.container.volumeMounts.withSubPathExpr
withSubPathExpr(subPathExpr)
"Expanded path within the volume from which the container's volume should be mounted.\nBehaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.\nDefaults to \"\" (volume's root).\nSubPathExpr and SubPath are mutually exclusive."
obj spec.authProxyContainer.resources
"Resources specifies the resources required for the proxy pod."
fn spec.authProxyContainer.resources.withClaims
withClaims(claims)
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
fn spec.authProxyContainer.resources.withClaimsMixin
withClaimsMixin(claims)
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
Note: This function appends passed data to existing values
fn spec.authProxyContainer.resources.withLimits
withLimits(limits)
"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.authProxyContainer.resources.withLimitsMixin
withLimitsMixin(limits)
"Limits describes the maximum amount of compute resources allowed.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
fn spec.authProxyContainer.resources.withRequests
withRequests(requests)
"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
fn spec.authProxyContainer.resources.withRequestsMixin
withRequestsMixin(requests)
"Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if that is explicitly specified,\notherwise to an implementation-defined value. Requests cannot exceed Limits.\nMore info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/"
Note: This function appends passed data to existing values
obj spec.authProxyContainer.resources.claims
"Claims lists the names of resources, defined in spec.resourceClaims,\nthat are used by this container.\n\n\nThis is an alpha field and requires enabling the\nDynamicResourceAllocation feature gate.\n\n\nThis field is immutable. It can only be set for containers."
fn spec.authProxyContainer.resources.claims.withName
withName(name)
"Name must match the name of one entry in pod.spec.resourceClaims of\nthe Pod where this field is used. It makes that resource available\ninside a container."
obj spec.authProxyContainer.telemetry
"Telemetry specifies how the proxy should expose telemetry.\nOptional, by default"
fn spec.authProxyContainer.telemetry.withDisableMetrics
withDisableMetrics(disableMetrics)
"DisableMetrics disables Cloud Monitoring testintegration (used with telemetryProject)\nThis sets the proxy container's CLI argument --disable-metrics"
fn spec.authProxyContainer.telemetry.withDisableTraces
withDisableTraces(disableTraces)
"DisableTraces disables Cloud Trace testintegration (used with telemetryProject)\nThis sets the proxy container's CLI argument --disable-traces"
fn spec.authProxyContainer.telemetry.withHttpPort
withHttpPort(httpPort)
"HTTPPort the port for Prometheus and health check server.\nThis sets the proxy container's CLI argument --http-port"
fn spec.authProxyContainer.telemetry.withPrometheus
withPrometheus(prometheus)
"Prometheus Enables Prometheus HTTP endpoint /metrics on localhost\nThis sets the proxy container's CLI argument --prometheus"
fn spec.authProxyContainer.telemetry.withPrometheusNamespace
withPrometheusNamespace(prometheusNamespace)
"PrometheusNamespace is used the provided Prometheus namespace for metrics\nThis sets the proxy container's CLI argument --prometheus-namespace"
fn spec.authProxyContainer.telemetry.withQuotaProject
withQuotaProject(quotaProject)
"QuotaProject Specifies the project to use for Cloud SQL Admin API quota tracking.\nThe IAM principal must have the \"serviceusage.services.use\" permission\nfor the given project. See https://cloud.google.com/service-usage/docs/overview and\nhttps://cloud.google.com/storage/docs/requester-pays\nThis sets the proxy container's CLI argument --quota-project"
fn spec.authProxyContainer.telemetry.withTelemetryPrefix
withTelemetryPrefix(telemetryPrefix)
"TelemetryPrefix is the prefix for Cloud Monitoring metrics.\nThis sets the proxy container's CLI argument --telemetry-prefix"
fn spec.authProxyContainer.telemetry.withTelemetryProject
withTelemetryProject(telemetryProject)
"TelemetryProject enables Cloud Monitoring and Cloud Trace with the provided project ID.\nThis sets the proxy container's CLI argument --telemetry-project"
fn spec.authProxyContainer.telemetry.withTelemetrySampleRate
withTelemetrySampleRate(telemetrySampleRate)
"TelemetrySampleRate is the Cloud Trace sample rate. A smaller number means more traces.\nThis sets the proxy container's CLI argument --telemetry-sample-rate"
obj spec.instances
"Instances describes the Cloud SQL instances to configure on the proxy container."
fn spec.instances.withAutoIAMAuthN
withAutoIAMAuthN(autoIAMAuthN)
"AutoIAMAuthN (optional) Enables IAM Authentication for this instance.\nDefault value is false."
fn spec.instances.withConnectionString
withConnectionString(connectionString)
"ConnectionString is the connection string for the Cloud SQL Instance\nin the format project_id:region:instance_name"
fn spec.instances.withHostEnvName
withHostEnvName(hostEnvName)
"HostEnvName The name of the environment variable containing this instances tcp hostname\nOptional, when set this environment variable will be added to all containers in the workload."
fn spec.instances.withPort
withPort(port)
"Port (optional) sets the tcp port for this instance. If not set, a value will\nbe automatically assigned by the operator and set as an environment variable\non all containers in the workload named according to PortEnvName. The operator will choose\na port so that it does not conflict with other ports on the workload."
fn spec.instances.withPortEnvName
withPortEnvName(portEnvName)
"PortEnvName is name of the environment variable containing this instance's tcp port.\nOptional, when set this environment variable will be added to all containers in the workload."
fn spec.instances.withPrivateIP
withPrivateIP(privateIP)
"PrivateIP (optional) Enable connection to the Cloud SQL instance's private ip for this instance.\nDefault value is false."
fn spec.instances.withPsc
withPsc(psc)
"PSC (optional) Enable connection to the Cloud SQL instance's private\nservice connect endpoint. May not be used with PrivateIP.\nDefault value is false."
fn spec.instances.withUnixSocketPath
withUnixSocketPath(unixSocketPath)
"UnixSocketPath is the path to the unix socket where the proxy will listen\nfor connnections. This will be mounted to all containers in the pod."
fn spec.instances.withUnixSocketPathEnvName
withUnixSocketPathEnvName(unixSocketPathEnvName)
"UnixSocketPathEnvName is the environment variable containing the value of\nUnixSocketPath."
obj spec.workloadSelector
"Workload selects the workload where the proxy container will be added."
fn spec.workloadSelector.withKind
withKind(kind)
"Kind specifies what kind of workload\nSupported kinds: Deployment, StatefulSet, Pod, ReplicaSet,DaemonSet, Job, CronJob\nExample: \"Deployment\" \"Deployment.v1\" or \"Deployment.v1.apps\"."
fn spec.workloadSelector.withName
withName(name)
"Name specifies the name of the resource to select."
obj spec.workloadSelector.selector
"Selector (optional) selects resources using labels. See \"Label selectors\" in the kubernetes docs\nhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors"
fn spec.workloadSelector.selector.withMatchExpressions
withMatchExpressions(matchExpressions)
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
fn spec.workloadSelector.selector.withMatchExpressionsMixin
withMatchExpressionsMixin(matchExpressions)
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
Note: This function appends passed data to existing values
fn spec.workloadSelector.selector.withMatchLabels
withMatchLabels(matchLabels)
"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed."
fn spec.workloadSelector.selector.withMatchLabelsMixin
withMatchLabelsMixin(matchLabels)
"matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed."
Note: This function appends passed data to existing values
obj spec.workloadSelector.selector.matchExpressions
"matchExpressions is a list of label selector requirements. The requirements are ANDed."
fn spec.workloadSelector.selector.matchExpressions.withKey
withKey(key)
"key is the label key that the selector applies to."
fn spec.workloadSelector.selector.matchExpressions.withOperator
withOperator(operator)
"operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist."
fn spec.workloadSelector.selector.matchExpressions.withValues
withValues(values)
"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch."
fn spec.workloadSelector.selector.matchExpressions.withValuesMixin
withValuesMixin(values)
"values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch."
Note: This function appends passed data to existing values