Introduction

A Pod is the unit of execution in Kubernetes. It consists of a set of co-located containers that share the same fate. The Pod definition in Kubernetes includes information about the containers, their runtime characteristics, and metadata about the pod.

API group Resource Kube Skeleton
core/v1 Pod skel

Here's an example Kubernetes Pod spec:

apiVersion: v1
kind: Pod
metadata:
  name: mysql-pod
  labels:
    name: mysql-pod
spec:
  containers:
    -
      name: mysql
      image: mysql:latest
      env:
        -
          name: "MYSQL_USER"
          value: "mysql"
        -
          name: "MYSQL_PASSWORD"
          value: "mysql"
        -
          name: "MYSQL_DATABASE"
          value: "sample"
        -
          name: "MYSQL_ROOT_PASSWORD"
          value: "supersecret"
      ports:
        -
          containerPort: 3306

The following sections contain detailed information about each field in Short syntax, including how the field translates to and from Kubernetes syntax.

API Overview

Field Type K8s counterpart(s) Description
version string apiVersion The version of the resource object
cluster string metadata.clusterName The name of the cluster on which this Pod is running
name string metadata.name The name of the Pod
namespace string metadata.namespace The K8s namespace this Pod will be a member of
labels string metadata.labels Metadata about the Pod, including identifying information
annotations string metadata.annotations Non-identifying information about the Pod
volumes Volume spec.volumes Denotes the volumes that are a part of the Pod. See Volume Overview
affinity []Affinity spec.affinity and spec.NodeSelector The Pod's scheduling rules, expressed as (anti-)affinities for nodes or other Pods. See Affinity Overview
node string spec.nodeName Request that the Pod be scheduled on a specific node.
containers Container spec.containers and status Containers that run as a part of the Pod. See Container Overview
init_containers Container spec.initContainers and status Containers that run as a part of the initialization process of the Pod. See Container Overview
dns_policy DNSPolicy spec.dnsPolicy The DNS Policy of the Pod. See DNS Policy Overview
host_aliases []string spec.aliases Set of additional records to be placed in /etc/hosts file inside the Pod. See Host Aliases Overview
host_mode []string spec.hostPID, spec.hostNetwork and spec.hostIPC The Pod's access to host resources. See Host Mode Conversion
hostname string spec.hostname and spec.subDomain The fully qualified domain name of the pod
registry_secrets []string spec.ImagePullSecrets A list of k8s secret resource names that contain credentials to required to access private registries.
restart_policy RestartPolicy spec.restartPolicy Behavior of a Pod when it dies. Can be "always", "on-failure" or "never"
scheduler_name string spec.schedulerName The value from spec.schedulerName is stored here
account string spec.serviceAccountName and automountService AccountToken The Pod's access to the K8s API. See Account Conversion
tolerations []Toleration spec.tolerations Set of host taints this Pod tolerates. See Toleration Conversion
termination_ grace_period int64 spec.termination GracePeriodSeconds Number of seconds to wait before forcefully killing the Pod.
active_deadline int64 spec. activeDeadlineSeconds Number of seconds the Pod is allowed to be active
priority Priority spec.priorityClassName and spec.priority Specifies the Pod's Priority. See Priority
condition []Pod Condition status.conditions The list of current and previous conditions of the Pod. See Pod Condition
node_ip string status.hostIP The IP address of the Pod's host
ip string status.podIP The IP address of the Pod
start_time time status.startTime When the Pod started running
msg string status.message A human readable message explaining Pod's current condition
phase string status.phase The current phase of the Pod
reason string status.reason Reason indicating the cause for the current state of the Pod
qos string status.qosClass The QOS class assigned to the Pod based on resource requirements
fs_gid int64 spec.securityContext. fsGroup Special supplemental group that applies to all the Containers in the Pod
gids []int64 spec.securityContext. supplementalGroups A list of groups applied to the first process in each of the Containers in the Pod

Affinity Overview

Field Type K8s counterpart(s) Description
node string affinity.nodeAffinity The Pod's affinity for certain nodes. More information below
pod string affinity.podAffinity The Pod's affinity for certain other other Pods in the cluster. More information below
anti_pod string affinity.podAntiAffinity The Pod's anti-affinity for certain other Pods in the cluster. More information below
topology string affinity.pod*. podAffinityTerm.topologyKey A node label key, e.g. "kubernetes.io/hostname". Determines the scope (same host vs same region vs ...) of the Pod's (anti-)affinity for certain Pods. More information below
namespaces []string affinity.pod*. podAffinityTerm.namespaces A list of namespaces in which the pod and anti_pod affinities are applied

node, pod and anti_pod are string fields that expect expressions that denote affinities of the Pod to nodes, other pods and anti-affinity to other pods respectively.

expressions are label selectors, i.e. node or pods that contain labels that match these expressions are used to make scheduling decisions for the Pod.

An expression is a set of sub-expressions that are ANDed(&) together. Sub-expressions select on labels using =, !=, Exists, Does not Exist, Greater than and Less than operators.

Operator Symbol Validity Example
Equals = node, pod and anti_pod k8s.io/failure-domain=us-east1
Not Equal != node, pod and anti_pod k8s.io/failure-domain!=us-east-1
Exists N/A node, pod and anti_pod k8s.io/cloud-provider
Does Not Exist N/A node, pod and anti_pod !k8s.io/bare-metal
Greater Than '>' node k8s.io/cpus>1
Less Than '<' node k8s.io/cpus < 1

Expressions also have qualifiers at the end of the composite sub-expressions. Qualifiers can be used to set soft affinity and (weight) of the soft affinity. soft affinities have weights ranging from 1 to 100, where 1 is the default weight.

Pods accept multiple affinity items, and the entire set of affinity items is considered for its scheduling.

It is not valid to include more than one of (node, pod, anti_pod) in a single affinity item. They should be specified in separate items. topology and namespaces are ignored if the affinity item is a node selector affinity item

Node Affinity

node values denote either soft or hard affinities to nodes. hard affinities are expressions that must be satisfied for a Pod to be scheduled on a node. soft affinities are expressions that we prefer to satisfy, but Pods may be scheduled on nodes that do not satisfy these expressions.

If the list of affinity items contains multiple hard node affinity selectors, only one hard node affinity selector needs to be satisfied.

If the list of affinity items contains multiple soft node affinity selectors, the scheduler chooses the node that satisfies the most soft node affinity selectors, where "most" means the greatest sum of weights.

Here are some example node affinity expressions

Expression Affinity Type Description
-node:failure-domain=us-east1&instance-type=t2.large node hard affinity run the pod on a node that is in failure domain us-east1 and whose instance type is t2.large
-node:failure-domain=us-east1&instance-type=t2.large
-node:failure-domain=us-east2&instance-type=t2.large		 node hard affinity run the pod on a node that is in failure-domain us-east1 and the instance type is t2.large
or
on a node in us-east2 and instance type is t2.large
-node:failure-domain=us-east1&instance-type=t2.large:soft node soft affinity prefer to run the pod on a node that is in failure-domain us-east1 and whose instance type is t2.large
-node:failure-domain=us-east1:soft:10
-node:failure-domain=us-east2:soft:20		 node soft affinity run the pod preferrably on a node in failure-domain us-east2, less preferrably on a node in us-east1, some other node if none of those options are available

Pod Affinity

pod values denote either soft or hard affinities to other pods.

A hard pod affinity selector indicates that the Pod must run alongside a Pod that satisfies the selector. If the list of affinity items contains multiple hard pod affinity selectors, all hard pod affinity selectors must be satisfied.

A soft pod affinity selector indicates that the Pod prefers to run alongside a Pod that satisfies the selector. If the list of affinity items contains multiple soft pod affinity selectors, the scheduler tries to satisfy as many soft pod affinity selectors as possible, where "many" is measured by the sum of the selectors' weights.

Here are some example pod affinity expressions

Expression Affinity Type Description
-pod:app=front-end pod hard affinity run the pod on alongside another pod which has label app=front-end
-pod:app=front-end
-pod:name=react		 pod hard affinity run the pod alongside another pod that has labels app=front-end and name=react
-pod:app=front-end&name=react:soft pod soft affinity prefer to run the pod alongside another pod that has labels app=front-end and name=react
-pod:app=front-end&name=react:soft:10
-pod:app=front-end&name=flux:soft:20		 pod soft affinity run the pod preferrably alongside another pod that has labels app=front-end and name=flux, less preferrably alongside another pod that has labels app=front-end and name=react, some other node if none of those options are available
-pod:app=front-end
topology:k8s.io/failure-domain		 pod hard affinity run the pod on a node whose label value for the key k8s.io/failure-domain matches the value of the label in the node on which a pod with label app-front-end is running

Pod Anti Affinity

The syntax and mechanism of pod anti affinity is the same as pod affinity, except that if another Pod matches the selector, this Pod should not be scheduled alongside it.

Here are some example pod anti affinity expressions

Expression Affinity Type Description
-anti_pod:app=front-end pod hard anti-affinity never run the pod on alongside another pod which has label app=front-end
-anti_pod:app=front-end
-anti_pod:name=react		 pod hard anti-affinity never run the pod alongside another pod that has labels app=front-end and name=react
-anti_pod:app=front-end&name=react:soft pod soft anti-affinity prefer to NOT run the pod alongside another pod that has labels app=front-end and name=react
-anti_pod:app=front-end&name=react:soft:10
-anti_pod:app=front-end&name=flux:soft:20		 pod soft anti-affinity run the pod preferrably not alongside another pod that has labels app=front-end and name=flux, less preferrably not alongside another pod that has labels app=front-end and name=react, some other node if none of those options are available
-anti_pod:app=front-end
topology:k8s.io/hostname		 pod hard anti-affinity never run the pod on a node whose label value for the key k8s.io/hostname matches the value of the label in the node on which a pod with label app-front-end is running. i.e. never run these two pods on the same host

Container Overview

Field Type K8s counterpart(s) Description
command []string command The command that runs as the entrypoint to the container
args []floatOrString args The arguments to the command. Accepts both float and string values
env []Env env or envFrom The environment variables that get set in the container. See Environment Overview
image string image The Image of the container
pull string imagePullPolicy The image pull policy of the container. It can be "always", "never" or "if-not-present"
on_start action postStart Action to be taken right after container start. See Actions Overview
pre_stop action preStop Action to be taken right before container termination. See Actions Overview
cpu CPU resources The minimum and the maximum amount of CPUs for this container. More information below
mem Mem resources The minimum and the maximum amount of memory for this container. More information below
cap_add []string capabilites The linux capabilities to add to the container
cap_drop []string capabilities The linux capabilities to drop from the container
privileged bool privileged Run container in privileged mode
allow_escalation bool allowPrivilegeEscalation Denotes if processes can gain more privileges than its parents
rw and ro bool readOnlyFileSystem Mutually inverse flags that denote if the file system is read-only or read-write
force_non_root bool runAsNonRoot Indicates that the container must run as non-root user
uid int64 runAsUser Indicates that the container must run as a particular user
selinux Selinux seLinuxOptions SELinux context for the container. More information below
liveness_probe Probe livenessProbe A probe to check if the container is running and alive. See Probe Overview
readiness_probe Probe readinessProbe A probe to check if the container is ready. See Probe Overview
expose []Port Ports The set of ports to be exposed by the container. See Expose Overview
stdin bool stdin Allocate a buffer for stdin
stdin_once bool stdinOnce Close stdin after first attach
tty bool tty Allocate a TTY for container
wd string workingDir Working directory of the container
termination_msg_path string terminationMessagePath Path where container's termination msg will be read from
termination_msg_policy string terminationMessagePolicy The policy for handling the termination message. See Termination Message Policy Overview
volume []VolumeMount volumeMounts Mount volumes into the container. See VolumeMounts

The following fields are status fields and cannot be set

Field Type K8s counterpart(s) Description
container_id string status.containerStatus The ID of the container as UUID
image_id string status.imageId The ID of the image as UUID
ready bool status.ready Whether the container is ready or not
restarts int32 status.restartCount Number of times this container restarted
last_state ContainerState status.lastTerminationState Conditions of the container's last termination. See Container State
current_state ContainerState status.state Current condition of the container. See Container State

cpu and mem both can contain two fields

Field Type Description
min string The minimum amount of resource for the container to run
max string The maximum amount of resource that the container can use

cpu is measured in cpu units. A cpu unit roughly corresponds to 1 core in any machine. The smallest granule of cpu unit is one milli core denoted with an m succeeding the cpu unit value. 1m is a thousanth of 1 core. If no suffix is specified, then it is considered to be whole CPU units. Floating point values are accepted.

mem is measured as an integer or as fixed point integer with units such as E, P, T, G, M, k or power of two equivalents Ei, Pi, Ti, Gi, Mi, and ki.

Here's an example

cpu:
  min: 100m
  max: 0.5 # denotes half of a whole core

mem:
  min: 500M
  max: 1G

SELinux options can take these following fields

Field Type Description
user string SELinux user label
role string SELinux role label
type string SELinux type label
level string SELinux level label

Container State

Field Type Description
waiting ContainerStateWaiting Details about a waiting container
running ContainerStateRunning Details about a running container
terminated ContainerStateTerminated Details about a terminated container

ContainerStateWaiting

Field Type Description
reason string Reason for waiting
msg string Message

ContainerStateRunning

Field Type Description
start_time time Time of the last start of the container

ContainerStateTerminated

Field Type Description
reason string Reason for termination
msg string Message
exit_code int32 Exit code from the container process
signal int32 Signal from the container process
start_time time Time of the last start of the container
finish_time time Time of the termination of the container

Volume Mounts

Field Type Description
mount string Path at which the volume should be mounted
store string Name of the volume to be mounted
propagation MountPropagation Directionality of the mount propagation between host and container (See below.)

MountPropagation

MountPropagationType K8s counterpart Description
host-to-container HostToContainer Mounts from host are propagated into container. Not the other way around
bidirectional Bidirectional Mounts from host are propagated into container and mounts from container are propagated to host

Expose Overview

The expose syntax in Short can be of two types.

If it is a string, then the value is of the format

- $protocol://$ip:$host_port:$container_port

where protocol can take values TCP or UDP

The expose format in short allows any of the left sub-components to be omitted:

# valid expose syntax
- 8080 # expose container port 8080
- 80:8080 # expose host port 80 to container port 8080
- 10.10.1.10:80:8080 # expose host port 80 on nic with ip 10.10.1.10 to container port 8080
- UDP://10.10.1.10:80:8080 # expose host port 80 on 10.10.1.10 to container port 8080 as a UDP port

If the struct syntax is used, then the port can be named.

- port_name: UDP://10.10.1.10:80:8080 # port is named "port_name"

Note: struct and string syntax can be mixed and matched arbitrarily in the expose array.

Probe Overview

Field Type K8s counterpart(s) Description
action Action probe.handler An action that determines the state of the container. See Action Overview
delay int32 probe.initialDelaySeconds Number of seconds to wait before probing initially
timeout int32 probe.timeoutSeconds Number of seconds after which the probe times out (default 1)
interval int32 probe.periodSeconds Interval of time between two probes (default 10)
min_count_success int32 probe.successThreshold Minimum consecutive successful probes to be considered a success (default 1)
min_count_failure int32 probe.failureThreshold Minimum consecutive failed probes to be considered a failure (default 1)

Environment Overview

Env variables in Short can be a string or a struct. If it is a struct, then the keys are:

Field Type K8s counterpart(s) Description
from string container.EnvFrom Obtain environment from k8s resource. Can start with config: or secret:
key string container.EnvFrom Key of the environment variable or prefix to keys in k8s resource
required bool container.EnvFrom States whether the resource should exist before the creation of container

The list of env items can mix and match a combination of plain string or struct values. If plain string is used, then it can be one of two formats

If an env item is a struct, the from field is a string with either 2 or 3 :-separated sections. The first section indicates what kind of resource to extract value(s) from: Config Map (config) or Secret (secret). The second section is the name of the resource. The third (optional) section is a specific field to extract from the resource.

If a specific field is specified, its value is used for the env variable in the key field. Otherwise, each field in the named resource is added to the environment, and the key field is used as a prefix for each env variable name.

env values in Short can be of the following types

 # Set key
 - Key

 # Set key = value
 - Key=Value

 # Set environment from config map
 - from:config:$config_map_name
   key: Key  #This is prefixed to every key in the config_map
   required: true # denotes that the config map MUST exist before container creation

 # Set environment from config map key
 - from:config:$config_map_name:$key_in_config_map
   key: Key # This is the name of the env variable inside the container
   required: true

 # Set environment from secret
 - from: secret:$secret_name
   key: Key  #This is prefixed to every key in the secret
   required: true

 # Set environment from secret key
 - from: secret:$secret_name:$key_in_secret
   key: Key  #This is the name of the env variable inside the container
   required: true

Action Overview

Field Type K8s counterpart(s) Description
command []string container.lifecycle.postStar.exec The command to execute as the action
net NetAction container.lifecycle.postStart.httpGet and container.lifecycle.postStart.tcpSocket The network call to make as the action. See NetAction Overview

Here an example action

# command action
action:
  command: 
  - path
  - to
  - command

Note: NetAction examples provided in the NetAction Section

NetAction Overview

Field Type K8s counterpart(s) Description
headers []string container.lifecycle.postStart.httpGet.headers The headers that get sent as a part of the network call
url string container.lifecycle.postStart.httpGet.(path|port|host|scheme) The url of the network call

The URL should be of this form:

$SCHEME://$HOST:$PORT

where $SCHEME can be HTTP (default), HTTPS or TCP

Here's few examples of net actions

# net action
action:
  net:
   url: HTTP://localhost:8080/healthz
   headers:
   - X-CACHE-INVALIDATE:true
   - X-Authhorization:headervalue

# net tcp action
action:
  net:
   url: TCP://localhost:34312

Termination Message Policy Overview

The Termination Policy to use when handling Container Termination

Short Termination Policy K8s counterpart(s) Description
file File Read the container's status message from the file in termination_msg_path
fallback-to-logs-on-error FallbackToLogsOnError Read the container's status message from logs if file in termination_msg_path is empty

DNS Policy Overview

The DNS Policy supported by Short are the same DNS Policies as Kubernetes.

Short DNS Policy K8s counterpart(s) Description
cluster-first ClusterFirst Pod uses cluster DNS unless HostNetwork is true, then fallback to default DNS
cluster-first-with-host-net ClusterFirstWithHostNet Pod uses cluster DNS first, then fallback to default DNS
default Default Pod should use default DNS settings, as set in Kubelet

Host Aliases Overview

Host Aliases are entries to add to the /etc/hosts file.

The /etc/hosts file has multiple lines with data in each line of this format

127.0.0.1 localhost localhost.1

i.e the format can be summarized as $IP $HOST_NAME1 $HOST_NAME2 $HOST_NAME3...

This is the format followed in Short syntax. The following are valid Host Aliases in Short.

 - 127.0.0.1 localhost
 - 10.10.0.10 hp-printer hp-printer.office
 - 10.10.0.11 canon-printer cannon-printer.home

Host Mode Conversion

host_mode expects a list of strings. The list items can take any of the following values.

Value K8s counterpart(s) Description
net spec.hostNetwork=true Use the host's network namespace for the pod
pid spec.hostPID=true Use the host's PID namespace for the pod
ipc spec.hostIPC=true Use the host's IPC namespace for the pod

Account Conversion

Account in Short syntax correspond to the name of the ServiceAccount resource. The Short syntax also indicates if this should be automounted using the suffix :auto

Here's are example account values

account: default # service account default. Do not automount
account: apiAccess:auto  # service account apiAccess. Automount it.

Toleration Conversion

Field Type K8s counterpart(s) Description
selector string spec.toleration A string that selects the taint to tolerate. More information below
expiry_after int64 spec.toleration The number of seconds after which the toleration tolerates the taint

The selector string selects Taints using the following formats

- selector: TaintKey=TaintValue:Effect # tolerate the taint if key exists on node, matches value and effect
- selector: TaintKey:Effect  # tolerate the taint if key exists on node and effect matches
- selector: TaintKey  # tolerate the taint if the key exists on node
- selector: '*:Effect' # tolerate any taint with the given effect. quotes are needed for YAML to parse correctly.
- selector: '*' # tolerate any taint.

Priority

Field Type K8s counterpart(s) Description
class string spec.PriorityClassName Indicates the Pod's priority. SYSTEM is a reserved keyword with the highest priority
value int32 spec.Priority The priority value

Pod Condition

Field Type Description
reason string One word camel case reason for pod's last transition
msg string Human readable message about the pod's last transition
status ConditionStatus String value that represents the status of the condition. Can be "True", "False" or "Unknown"
type PodConditionType String value that represents the type of condition. Can be "scheduled", "ready" or "initialized"
last_probe_time time Last time the condition was probed
last_transition_time time Last time the condition transitioned

Volume Overview

This section describes the mechanism for specifying volume sources for the pod. In short syntax, Volume sources are always defined as a map.

Each of the keys of this map is considered to be the local reference(store) of the volume source, and this key should be referenced in the volume.store key in the container definition. Here's a simple example showing this behavior

# Pod with simple volume source
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: redis-storage
      mountPath: /data/redis
  volumes:
  - name: redis-storage
    emptyDir: {}

The equivalent short syntax looks like this

# short syntax for volume source with string as the value's type
pod:
  containers:
  - image: redis
    name: redis
    volume:
    - mount: /data/redis
      store: redis-storage  # The store is the local reference to the volume
  name: redis
  version: v1
  volumes:
    redis-storage: empty_dir # The key is the name of the volume

In case this information about the volume cannot be encoded in a single string easily, then the entry's value can be a map instead of a string. This is the case for most of the volume sources in Kubernetes. Here is an example depicting this syntax

# Pod with complex volume source
apiVersion: v1
kind: Pod
metadata:
  name: test-ebs
spec:
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /test-ebs
      name: test-volume
  volumes:
  - name: test-volume
    # This AWS EBS volume must already exist.
    awsElasticBlockStore:
      volumeID: <volume-id>
      fsType: ext4

# short syntax for volume source with map as the value's type
pod:
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-ebs
      store: test-volume   # The local reference is used to denote that the volume is used by this container
  name: test-ebs
  version: v1
  volumes:
    test-volume:    # The key is the local reference to the volume 
      fs: ext4      # parameters for the volume...
      vol_id: <volume-id> 
      vol_type: aws_ebs

Here's an example pod that has multiple volume sources (in short syntax)

pod:
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-ebs
      store: test-volume
    - mount: /test-empty-dir
      store: test-empty-dir-vol
  name: test-ebs
  version: v1
  volumes:
    test-empty-dir-vol: empty_dir    # Each key is a local reference to a volume
    test-volume:
      fs: ext4
      vol_id: <volume-id>
      vol_type: aws_ebs

The following volume sources are defined in Short syntax

Volume Source Link
Empty Directory empty_dir
AWS Elastic Block Store aws_ebs
Azure Disk azure_disk
Azure File azure_file
Ceph FS cephfs
Cinder cinder
Downward API downward_api
Fibre Channel fc
Flex flex
Flocker flocker
GCE Persistent Disk gce_pd
Git Repository git
GlusterFS glusterfs
Host Path host_path
ISCSI iscsi
NFS nfs
Persistent Volume Claim pvc
Photon Persistent Disk photon
Projected projected
Portworx portworx
QuoByte quobyte
RBD rbd
ScaleIO scaleio
Secret secret
Storage OS storageos
VSphere Volume vsphere

The next section describes the short syntax for each of the volume source types

Empty Directory
Field Type K8s counterpart(s) Description
max_size string SizeLimit The maximum amount of data that can be stored in this volume
medium string Medium The mechanism by which the storage is allocated to the volume
vol_type string - This should always be set to empty_dir for volumes of type empty_dir

Medium can take the following values

Medium Type Description
<empty value> Use the node default
memory Store the data in memory (tmpfs)
huge-pages Store the data in huge pages

Here's an example pod with empty directory volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  volumes:
    test_volume:
      max_size: 500G
      medium: huge-pages
      vol_type: empty_dir
AWS Elastic Block Store
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
vol_id string VolumeID Unique ID of the persistent disk resource in AWS (Amazon EBS volume)
partition int32 Partition The partition in the volume that you want to mount
vol_type string - This should always be set to aws_ebs for volumes of type aws_ebs

Here's an example pod with aws ebs volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      ro: true
      vol_id: i4054053
      vol_type: aws_ebs
      partition: 2
Azure Disk
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
cache string CachingMode Host Caching mode
disk_uri string DataDiskURI The URI the data disk in the blob storage
disk_name string DiskName The Name of the data disk in the blob storage
kind string Kind The kind of azure disk volume
vol_type string - This should always be set to azure_disk for volumes of type azure_disk

Azure disks can be of the following Kinds

Azure disk Kind Description
dedicated This denotes single blob disks per storage account
shared This is the default value. This denotes multiple blob disks per storage account
managed Azure data disk (only in managed availability set)

Azure disk cache can take the following values

Azure Disk Caching Mode Description
none No caching
ro Cache reads
rw Cache reads and writes

Here's an example pod with azure disk volume source 

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      cache: rw
      disk_name: azure_disk_name
      disk_uri: disk://uri.azure.disk
      fs: xfs
      kind: dedicated
      vol_type: azure_disk
Azure File

Azure file is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

azure_file:{secret_name}:{share_name}:{ro}

where, secret_name and share_name are required fields and ro is optional

The description for each of the fields are provided in this table

Field Type K8s counterpart(s) Description
secret_name string SecretName The name of secret that contains Azure Storage Account Name and Key
share_name string ShareName Name of the share
ro string ReadOnly This is an optional field and should only be set if this volume is read-only. When it is not set, then the volume defaults to read-write
azure_file constant - This prefix is used to denote that this is an azure_file volume

Please note that this is a simple volume source with a string representation only

Here's an example pod with azure file volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: azure_file:azure_file_secret_name:azure_file_share_name:ro
Ceph FS
Field Type K8s counterpart(s) Description
monitors []string Monitors A list of Ceph monitors
ro bool ReadOnly Denote that the volume should be read only
secret string SecretFile, SecretRef Authentication secret for the user
user string User Rados user name. Defaults to admin
vol_type string - This should always be set to cephfs for volumes of type cephfs

The secret field is used to denote both SecretFile and SecretRef in the Kubernetes API resource. This is done by using one of the two prefixes for the value of the secret field.

Secret Field Prefix Description
ref:${secret_name} If the ref prefix is used, then it is a reference to a secret name
file:${/path/to/file} A path to keyring for the user. Defaults to /etc/ceph/user.secret

Here's an example pod with ceph fs volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      monitors:
      - monitor1
      - monitor2
      path: /path/to/nowhere
      ro: true
      secret: file:/path/to/secret   # can also be ref:secretname
      user: username
      vol_type: cephfs
Cinder
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
vol_id string VolumeID Identifier to reference the volume in Cinder
vol_type string - This should always be set to cinder for volumes of type cinder

Here's an example pod with cinder volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      ro: true
      vol_id: cinderID
      vol_type: cinder
Downward API
Field Type K8s counterpart(s) Description
items map[string]items Items A list of downward api sources
mode int32 DefaultMode Mode bits to use for created files that don't have mode set. Defaults to 0644
vol_type string - This should always be set to downward_api for volumes of type downward_api

The items map is a special map. The keys to the map are file paths of the files that will be created from the downward_api source. This key directly corresponds to the Path key in the DownwardAPIVolumeFile resource in the Kubernetes API.

The value to the file path key is a resource with the following fields

Field Type K8s counterpart(s) Description
field string FieldRef Selects a field of the pod: only annotations, labels, name and namespace are supported
resource string ResourceFieldRef Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported
mode int32 Mode Mode bits to use on this file. Overrides default mode

The volume for the resource field should satisfy the format

${container-name}:{resource}:{requirement}

where container-name is the name of the container, and resource is one of limits.cpu, limits.memory, request.cpu and requests.memory and requirement is the value for the resource.

Here's an example pod with downward api volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      items:
        path/to/file:
          field: metadata.annotation
          mode: "0644"
        path/to/file1:
          mode: "0644"
          resource: container-name:limits.cpu:1m
      mode: "0644"
      vol_type: downward_api
Fibre Channel
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
lun int32 Lun FC target lun number
ro bool ReadOnly Denote that the volume is read only. Defaults to false
wwid []string WWIDs FC volume world wide identifiers
wwn []string TargetWWNs FC target worldwide names
vol_type string - This should always be set to fc for volumes of type fc

Here's an example pod with fibre channel volume source 

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      lun: 3
      ro: true
      vol_type: fc
      wwid:
      - wwid1
      - wwid2
      wwn:
      - wwn1
      - wwn2
Flex
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
driver string Driver Name of the flex driver for this volume
options map[string]string Options Additional parameters to send to the flex drive, if any
secret string SecretRef The name of the secret with sensitive information to pass to the flex driver
vol_type string - This should always be set to flex for volumes of type flex

Here's an example pod with flex volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      options:
        key: value
        key2: value2
      ro: true
      secret: secret_name
      driver: flex-driver
      vol_type: flex
Flocker

Flocker is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

flocker:{uuid}

where, uuid is the unique identifier of the flocker dataset

and flocker is the volume type (mandatory constant)

Please note that this is a simple volume source with a string representation only

Here's an example pod with flocker volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: flocker:uuid
GCE Persistent Disk
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
vol_id string PDName Unique ID of the persistent disk resource in GCE (GCE PD volume)
partition int32 Partition The partition in the volume that you want to mount
vol_type string - This should always be set to gce_pd for volumes of type gce_pd

Here's an example pod with gce persistent disk volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      partition: 1
      ro: true
      vol_id: name_of_pd
      vol_type: gce_pd
GIT Repository
Field Type K8s counterpart(s) Description
dir string Directory Target directory name
rev string Revision Commit hash for the specfied revision
vol_id string Repository URL of the git repository
vol_type string - This should always be set to git for volumes of type git

Here's an example pod with git repository volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      dir: testdata
      rev: master
      vol_id: github.com/koki
      vol_type: git
Gluster FS
Field Type K8s counterpart(s) Description
ro bool ReadOnly Denotes that the volume is read-only
endpoints string Endpoints Endpoint name that details GlusterFS topology
path string Path GlusterFS volume path
vol_type string - This should always be set to glusterfs for volumes of type glusterfs

Here's an example pod with gluster fs volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      endpoints: endpointsName
      ro: true
      path: /path/to/gluster/vol
      vol_type: glusterfs
Host Path

Host Path is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

host_path:{/path/to/dir}:{host_path_type}

where, /path/to/dir is a required field and host_path_type is optional

and host_path is the volume type (mandatory constant)

Host Path Type can take the following values

Host Path Type Description
<empty value> for backwards compatibility. This is also the default value
dir-or-create If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet
dir A directory must exist at the given path
file-or-create If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet
file A file must exist at the given path
socket A UNIX socket must exist at the given path
char-dev A character device must exist at the given path
block-dev A block device must exist at the given path

Please note that this is a simple volume source with a string representation only

Here's an example pod with host path volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: host_path:/path/to/dir:block-dev
ISCSI
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
portals []string Portals iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)
chap_discovery bool DiscoveryCHAPAuth Denotes the support for iSCSI Discovery CHAP authentication
chap_session bool SessionCHAPAuth Denotes the support for iSCSI Session CHAP authentication
secret string SecretRef The name of the secret for iSCSI target and initiator authentication
initiator string InitiatorName Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface. <target portal>:<volume name> will be created for the connection
target_portal string TargetPortal iSCSI Target portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260)
iqn string IQN Target iSCSI qualified Name
lun int32 Lun Target iSCSI Lun number
iscsi_interface string ISCSIInterface iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp)
vol_type string - This should always be set to iscsi for volumes of type iscsi

Here's an example pod with iscsi volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      chap_discovery: true
      chap_session: true
      fs: xfs
      initiator: initiator.name
      iqn: iqn.iscsi.hello.world
      iscsi_interface: default
      lun: 45
      portals:
      - 127.0.0.1
      - 192.168.1.132:861
      ro: true
      secret: secretName
      target_portal: 10.10.0.10
      vol_type: iscsi
NFS

NFS is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

nfs:{server_addr}:{/path/to/dir}:{ro}

where, server_addr and /path/to/dir are required fields and ro is optional

The descriptions for the above fields are provided in the table below

Fields Type K8s counterpart(s) Description
server_addr string Server Server is the hostname or IP address of the NFS server
/path/to/vol string Path Path that is exported by the NFS server
ro bool ReadOnly Make the volume read only. Defaults to false
vol_type string - This should always be set to nfs for volumes of type nfs

Please note that this is a simple volume source with a string representation only

Here's an example pod with nfs volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: nfs:server_addr:/path/to/data
Persistent Volume Claim

Persistent Volume Claim (PVC) is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

pvc:{pvc_name}:{ro}

where, pvc_name is a required field and ro is optional

The descriptions for the above fields are provided in the table below

Fields Type K8s counterpart(s) Description
pvc_name string ClaimName Name of a PersistentVolumeClaim in the same namespace as the pod using this volume
ro bool ReadOnly Make the volume read only. Defaults to false
vol_type string - This should always be set to pvc for volumes of type pvc

Please note that this is a simple volume source with a string representation only

Here's an example pod with persistent volume claim volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: pvc:pvc_name:ro
Photon Persistent Disk

Photon Persistent Disk is a simple volume source. It doesn't have a map representation. It just uses plain string

The format of the string is

photon:{photon_id}:{fs}

where, photon_id is a required field and fs is optional

The descriptions for the above fields are provided in the table below

Fields Type K8s counterpart(s) Description
photon_id string pdID Identifier for Photon Controller Persistent Disk
fs string FSType Filesystem type of the volume that you want to mount
vol_type string - This should always be set to photon for volumes of type photon

Please note that this is a simple volume source with a string representation only

Here's an example pod with photon persistent disk volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume: photon:pdname123:xfs
Projected
Field Type K8s counterpart(s) Description
sources []source Sources A list of Projected Sources
mode int32 DefaultMode Mode bits to use for created files that don't have mode set. Defaults to 0644
vol_type string - This should always be set to projected for volumes of type projected

Source is a special structure that takes on different forms based on the type of source. There are three types of sources

Source Type Description
Secret Source secret to project
Config Map Source configMap to project
Downward API Source downwardAPI to project

Note that this source type is used for conceptual understanding only, and is not used anywhere in short syntax

Secret Source
Field Type K8s counterpart(s) Description
items map[string]item Items A list of secret projections
secret string LocalObjectReference Name of the secret to project from

The items map for secret source is a special map. The keys to the map are the file paths of the files that will be created from the secret source. The key directly corresponds to the Key in the KeyToPath resource in Kubernetes API.

The value to the file path key for secret source is a string of the following format.

{key}:{mode}

where key is a key that should exist in the secret object being referenced, and mode is an optional field to override the default mode bits for the projected volume source

Config Map Source
Field Type K8s counterpart(s) Description
items map[string]item Items A list of secret projections
config string LocalObjectReference Name of the Config Map to project from

The items map for config map source is a special map. The keys to the map are the file paths of the files that will be created from the config map source. The key directly corresponds to the Key in the KeyToPath resource in Kubernetes API.

The value to the file path key for secret source is a string of the following format.

{key}:{mode}

where key is a key that should exist in the config map object being referenced, and mode is an optional field to override the default mode bits for the projected volume source

Downward API Source
Field Type K8s counterpart(s) Description
items map[string]item Items A list of downward api projections

The items map for downward api source is a special map, and different from the items map for secret and configmap. The keys to the map are file paths of the files that will be created from the downward_api source. This key directly corresponds to the Path key in the DownwardAPIVolumeFile resource in the Kubernetes API.

The value to the file path key for downward api source is a resource with the following fields

Field Type K8s counterpart(s) Description
field string FieldRef Selects a field of the pod: only annotations, labels, name and namespace are supported
resource string ResourceFieldRef Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported
mode int32 Mode Mode bits to use on this file. Overrides default mode

The volume for the resource field should satisfy the format

${container-name}:{resource}:{requirement}

where container-name is the name of the container, and resource is one of limits.cpu, limits.memory, request.cpu and requests.memory and requirement is the value for the resource.

Here's an example pod with projected volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      sources:
      - items:
          path/to/key: key:0644
        secret: secret_name
      - config: config_map_name
        items:
          path/to/key1: key:0644
      - items:
          path/to/file:
            field: metadata.annotation
            mode: "0644"
          path/to/file1:
            resource: container-name:limits.cpu:1m
      vol_type: projected
Portworx
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
vol_id string VolumeID Unique identifier a Portworx volume
vol_type string - This should always be set to portworx for volumes of type portworx

Here's an example pod with portworx volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      ro: true
      vol_id: 3094ejer
      vol_type: portworx
QuoByte
Field Type K8s counterpart(s) Description
ro bool ReadOnly Make the volume read only
vol_id string Volume Reference to already created QuoByte volume by name
user string User User to map volume access to. Defaults to serviceaccount user
group string Group Group to map volume access to. Defaults to no group
registry string Registry registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes
vol_type string - This should always be set to quobyte for volumes of type quobyte

Here's an example pod with quobyte volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      group: quobyte.group
      registry: registry.quobyte
      ro: true
      user: quobyte.user
      vol_id: volume.quobyte
      vol_type: quobyte
RBD
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
user string RadosUser Rados user name. Default is admin
pool string RBDPool Rados Pool name. Defaults to rbd
image string RBDImage Rados image name
monitors []string CephMonitors A list of ceph monitors
keyring string Keyring Keyring is the path to key ring for RBDUser. Defaults to /etc/ceph/keyring
secret string SecretRef Name of the authentication secret for RBDUser. If provided overrides keyring
vol_type string - This should always be set to rbd for volumes of type rbd

Here's an example pod with rbd volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: ext4
      image: foo
      keyring: /etc/ceph/keyring
      monitors:
      - 1.2.3.4:6789
      - 1.2.3.5:6789
      pool: kube
      ro: true
      secret: secret-name
      user: admin
      vol_type: rbd
ScaleIO
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
gateway string Gateway The host address of the ScaleIO API Gateway
system string System The name of the storage system as configured in ScaleIO
secret string SecretRef Name of the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail
ssl bool SSLEnabled Flag to enable/disable SSL communication with Gateway, default false
protection_domain string ProtectionDomain The name of the ScaleIO Protection Domain for the configured storage
storage_pool string StoragePool The ScaleIO Storage Pool associated with the protection domain
storage_mode string StorageMode Indicates the storage mode for a volume
vol_id string VolumeName The name of a volume already created in the ScaleIO system that is associated with this volume source
vol_type string - This should always be set to scaleio for volumes of type scaleio

Where, the storage mode can be

Storage Mode Type Description
thick-provisioned Disk is allocated on creation
thin-provisioned Space required is allocated on demand

Here's an example pod with scaleio volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      gateway: gateway
      protection_domain: domain
      ro: true
      secret: secret
      ssl: true
      storage_mode: thick-provisioned
      storage_pool: storage.pool
      system: system
      vol_id: volName
      vol_type: scaleio
Secret
Field Type K8s counterpart(s) Description
required bool Optional Denotes that the secret should exist if set to true
mode int32 DefaultMode Mode bits to use for created files that don't have mode set. Defaults to 0644
items map[string]item Items A list of secret projections
vol_id string SecretName Name of the secret to project from
vol_type string - This should always be set to secret for volumes of type secret

The items map for secret source is a special map. The keys to the map are the file paths of the files that will be created from the secret source. The key directly corresponds to the Key in the KeyToPath resource in Kubernetes API.

The value to the file path key for secret source is a string of the following format.

{key}:{mode}

where key is a key that should exist in the secret object being referenced, and mode is an optional field to override the default mode bits for the secret volume source

Here's an example pod with secret volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      items:
        /path/to/key: key:0644
      mode: "0644"
      required: false
      vol_id: secret_name
      vol_type: secret
Storage OS
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
ro bool ReadOnly Make the volume read only
secret string SecretRef Name of the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted
vol_namespace string VolumeNamespace Scope of the volume in storageOS. Defaults to pod namespace if unspecified
vol_id string VolumeName The name of a volume in the storageOS system. Unique withing namespace
vol_type string - This should always be set to storageos for volumes of type storageos

Here's an example pod with storage os volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      ro: true
      secret: secret_name
      vol_id: storageOS.VolName
      vol_namespace: storageOS.VolNamespace
      vol_type: storageos
VSphere Volume
Field Type K8s counterpart(s) Description
fs string FSType Filesystem type of the volume that you want to mount
policy policy StoragePolicyName, StoragePolicyID Policy for policy based management
vol_id string VolumeName The path that identifies vsphere volume vmdk
vol_type string - This should always be set to vsphere for volumes of type vsphere

where the policy struct has the following fields

Field Type K8s counterpart(s) Description
id string StoragePolicyID Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName
name string StoragePolictName Storage Policy Based Management (SPBM) profile name

Here's an example pod with vsphere volume source

pod:
  annotations:
    meta: _test
  cluster: test_cluster
  labels:
    app: meta_test
  name: meta_test
  namespace: test
  version: v1
  containers:
  - image: gcr.io/google_containers/test-webserver
    name: test-container
    volume:
    - mount: /test-volume
      store: test-volume
  volumes:
    test_volume:
      fs: xfs
      policy:
        id: id
        name: policy
      vol_id: /path/to/vsphere/volume
      vol_type: vsphere

Examples

pod:
  containers:
  - expose:
    - 80
    image: nginx
    name: nginx
    readiness_probe:
      delay: 5
      timeout: 5
      net:
        url: HTTP://localhost:80/  #localhost denotes the localhost of the pod
  labels:
    name: nginx
  name: nginx
  version: v1

pod:
  containers:
  - command:
    - /bin/sh
    - -c
    - env
    env:
    - CONFIG_DIR=/config
    - from: secret:test-secret
      key: TEST_CMD_1
    - from: config:test-configmap:key-2
      key: TEST_CMD_2
    - from: metadata.name
      key: TEST_CMD_3
    image: gcr.io/google_containers/busybox
    name: test-container
  name: env-test-pod
  restart_policy: never
  version: v1


pod:
  affinity:
  - node: node:k8s.io/failure-domain=us-east1
  - node: node:k8s.io/failure-domain=us-east2
  containers:
  - image: nginx:latest
    name: nginx_container
  labels:
    app: nginx
  name: nginx
  version: v1

pod:
  containers:
  - cpu:
      max: 500m
    mem:
      min: 512m
    env:
    - MASTER=true
    expose:
    - 6379
    image: kubernetes/redis:v1
    name: master
    volume:
    - mount: /redis-master-data
      store: data
  - env:
    - SENTINEL=true
    expose:
    - 26379
    image: kubernetes/redis:v1
    name: sentinel
  labels:
    name: redis
    redis-sentinel: "true"
    role: master
  name: redis-master
  version: v1
  volumes:
  - type: empty-dir
    name: data

Skeleton

Short Type Skeleton
Pod skel

Here's a starter skeleton of a Short Pod.

pod:
  name: $name
  labels: 
    app: $name
  namespace: default
  version: v1
  containers:
    image: $image
    name: $container_name
    env:
    - $key=$val
    expose:
    - 80:8080 # hostPort:containerPort
  restart_policy: always