@@ -547,6 +547,32 @@ spec:
547547 Note that this field cannot be set when spec.os.name is windows.
548548format : int64
549549 type : integer
550+ seLinuxChangePolicy :
551+ description : |-
552+ seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
553+ It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
554+ Valid values are "MountOption" and "Recursive".
555+
556+ "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
557+ This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
558+
559+ "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
560+ This requires all Pods that share the same volume to use the same SELinux label.
561+ It is not possible to share the same volume among privileged and unprivileged Pods.
562+ Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
563+ whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
564+ CSIDriver instance. Other volumes are always re-labelled recursively.
565+ "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
566+
567+ If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
568+ If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
569+ and "Recursive" for all other volumes.
570+
571+ This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
572+
573+ All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
574+ Note that this field cannot be set when spec.os.name is windows.
575+ type : string
550576 seLinuxOptions :
551577 description : |-
552578 The SELinux context to be applied to all containers.
@@ -839,7 +865,6 @@ spec:
839865 pod labels will be ignored. The default value is empty.
840866 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
841867 Also, matchLabelKeys cannot be set when labelSelector isn't set.
842- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
843868items :
844869 type : string
845870 type : array
@@ -854,7 +879,6 @@ spec:
854879 pod labels will be ignored. The default value is empty.
855880 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
856881 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
857- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
858882items :
859883 type : string
860884 type : array
@@ -1019,7 +1043,6 @@ spec:
10191043 pod labels will be ignored. The default value is empty.
10201044 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
10211045 Also, matchLabelKeys cannot be set when labelSelector isn't set.
1022- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
10231046items :
10241047 type : string
10251048 type : array
@@ -1034,7 +1057,6 @@ spec:
10341057 pod labels will be ignored. The default value is empty.
10351058 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
10361059 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
1037- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
10381060items :
10391061 type : string
10401062 type : array
@@ -1208,7 +1230,9 @@ spec:
12081230 policies :
12091231 description : |-
12101232 policies is a list of potential scaling polices which can be used during scaling.
1211- At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
1233+ If not set, use the default values:
1234+ - For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window.
1235+ - For scale down: allow all pods to be removed in a 15s window.
12121236items :
12131237 description : HPAScalingPolicy is a single policy
12141238 which must hold true for a specified past interval.
@@ -1251,6 +1275,24 @@ spec:
12511275 - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
12521276format : int32
12531277 type : integer
1278+ tolerance :
1279+ anyOf :
1280+ - type : integer
1281+ - type : string
1282+ description : |-
1283+ tolerance is the tolerance on the ratio between the current and desired
1284+ metric value under which no updates are made to the desired number of
1285+ replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not
1286+ set, the default cluster-wide tolerance is applied (by default 10%).
1287+
1288+ For example, if autoscaling is configured with a memory consumption target of 100Mi,
1289+ and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be
1290+ triggered when the actual consumption falls below 95Mi or exceeds 101Mi.
1291+
1292+ This is an alpha field and requires enabling the HPAConfigurableTolerance
1293+ feature gate.
1294+ pattern : ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1295+ x-kubernetes-int-or-string : true
12541296 type : object
12551297 scaleUp :
12561298 description : |-
@@ -1263,7 +1305,9 @@ spec:
12631305 policies :
12641306 description : |-
12651307 policies is a list of potential scaling polices which can be used during scaling.
1266- At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
1308+ If not set, use the default values:
1309+ - For scale up: allow doubling the number of pods, or an absolute change of 4 pods in a 15s window.
1310+ - For scale down: allow all pods to be removed in a 15s window.
12671311items :
12681312 description : HPAScalingPolicy is a single policy
12691313 which must hold true for a specified past interval.
@@ -1306,6 +1350,24 @@ spec:
13061350 - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
13071351format : int32
13081352 type : integer
1353+ tolerance :
1354+ anyOf :
1355+ - type : integer
1356+ - type : string
1357+ description : |-
1358+ tolerance is the tolerance on the ratio between the current and desired
1359+ metric value under which no updates are made to the desired number of
1360+ replicas (e.g. 0.01 for 1%). Must be greater than or equal to zero. If not
1361+ set, the default cluster-wide tolerance is applied (by default 10%).
1362+
1363+ For example, if autoscaling is configured with a memory consumption target of 100Mi,
1364+ and scale-down and scale-up tolerances of 5% and 1% respectively, scaling will be
1365+ triggered when the actual consumption falls below 95Mi or exceeds 101Mi.
1366+
1367+ This is an alpha field and requires enabling the HPAConfigurableTolerance
1368+ feature gate.
1369+ pattern : ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
1370+ x-kubernetes-int-or-string : true
13091371 type : object
13101372 type : object
13111373 maxReplicas :
@@ -1324,7 +1386,6 @@ spec:
13241386 each pod of the current scale target (e.g. CPU or memory). Such metrics are
13251387 built in to Kubernetes, and have special scaling options on top of those
13261388 available to normal per-pod metrics using the "pods" source.
1327- This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
13281389properties :
13291390 container :
13301391 description : container is the name of the container
@@ -1771,8 +1832,6 @@ spec:
17711832 description : |-
17721833 type is the type of metric source. It should be one of "ContainerResource", "External",
17731834 "Object", "Pods" or "Resource", each mapping to a matching field in the object.
1774- Note: "ContainerResource" type is available on when the feature-gate
1775- HPAContainerMetrics is enabled
17761835type : string
17771836 required :
17781837 - type
@@ -2235,7 +2294,6 @@ spec:
22352294 pod labels will be ignored. The default value is empty.
22362295 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
22372296 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2238- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
22392297items :
22402298 type : string
22412299 type : array
@@ -2250,7 +2308,6 @@ spec:
22502308 pod labels will be ignored. The default value is empty.
22512309 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
22522310 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2253- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
22542311items :
22552312 type : string
22562313 type : array
@@ -2416,7 +2473,6 @@ spec:
24162473 pod labels will be ignored. The default value is empty.
24172474 The same key is forbidden to exist in both matchLabelKeys and labelSelector.
24182475 Also, matchLabelKeys cannot be set when labelSelector isn't set.
2419- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
24202476items :
24212477 type : string
24222478 type : array
@@ -2431,7 +2487,6 @@ spec:
24312487 pod labels will be ignored. The default value is empty.
24322488 The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
24332489 Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
2434- This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
24352490items :
24362491 type : string
24372492 type : array
0 commit comments