A pod is a group of one or more containers, the shared storage for those containers, and options about how to run the containers. Pods are always co-located and co-scheduled, and run in a shared context.
Read more at Kubernetes reference
resource "kubernetes_pod_v1" "test" {
metadata {
name = "terraform-example"
}
spec {
container {
image = "nginx:1.21.6"
name = "example"
env {
name = "environment"
value = "test"
}
port {
container_port = 80
}
liveness_probe {
http_get {
path = "/"
port = 80
http_header {
name = "X-Custom-Header"
value = "Awesome"
}
}
initial_delay_seconds = 3
period_seconds = 3
}
}
dns_config {
nameservers = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
searches = ["example.com"]
option {
name = "ndots"
value = 1
}
option {
name = "use-vc"
}
}
dns_policy = "None"
}
}
terraform version of the pods/pod-with-node-affinity.yaml example.
resource "kubernetes_pod_v1" "with_node_affinity" {
metadata {
name = "with-node-affinity"
}
spec {
affinity {
node_affinity {
required_during_scheduling_ignored_during_execution {
node_selector_term {
match_expressions {
key = "kubernetes.io/e2e-az-name"
operator = "In"
values = ["e2e-az1", "e2e-az2"]
}
}
}
preferred_during_scheduling_ignored_during_execution {
weight = 1
preference {
match_expressions {
key = "another-node-label-key"
operator = "In"
values = ["another-node-label-value"]
}
}
}
}
}
container {
name = "with-node-affinity"
image = "k8s.gcr.io/pause:2.0"
}
}
}
terraform version of the pods/pod-with-pod-affinity.yaml example.
resource "kubernetes_pod_v1" "with_pod_affinity" {
metadata {
name = "with-pod-affinity"
}
spec {
affinity {
pod_affinity {
required_during_scheduling_ignored_during_execution {
label_selector {
match_expressions {
key = "security"
operator = "In"
values = ["S1"]
}
}
topology_key = "failure-domain.beta.kubernetes.io/zone"
}
}
pod_anti_affinity {
preferred_during_scheduling_ignored_during_execution {
weight = 100
pod_affinity_term {
label_selector {
match_expressions {
key = "security"
operator = "In"
values = ["S2"]
}
}
topology_key = "failure-domain.beta.kubernetes.io/zone"
}
}
}
}
container {
name = "with-pod-affinity"
image = "k8s.gcr.io/pause:2.0"
}
}
}
The following arguments are supported:
metadata
- (Required) Standard pod's metadata. For more info see Kubernetes referencespec
- (Required) Spec of the pod owned by the clustertarget_state
- (Optional) A list of the pod phases that indicate whether it was successfully created. Options: "Pending", "Running", "Succeeded", "Failed", "Unknown". Default: "Running". For more info see Kubernetes referencemetadata
annotations
- (Optional) An unstructured key value map stored with the pod that may be used to store arbitrary metadata.generate_name
- (Optional) Prefix, used by the server, to generate a unique name ONLY IF the name
field has not been provided. This value will also be combined with a unique suffix. For more info see Kubernetes referencelabels
- (Optional) Map of string keys and values that can be used to organize and categorize (scope and select) the pod. May match selectors of replication controllers and services.name
- (Optional) Name of the pod, must be unique. Cannot be updated. For more info see Kubernetes referencenamespace
- (Optional) Namespace defines the space within which name of the pod must be unique.generation
- A sequence number representing a specific generation of the desired state.resource_version
- An opaque value that represents the internal version of this pod that can be used by clients to determine when pod has changed. For more info see Kubernetes referenceuid
- The unique in time and space value for this pod. For more info see Kubernetes referencespec
affinity
- (Optional) A group of affinity scheduling rules. If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.active_deadline_seconds
- (Optional) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.automount_service_account_token
- (Optional) Indicates whether a service account token should be automatically mounted. Defaults to true
for Pods.container
- (Optional) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. For more info see Kubernetes referenceinit_container
- (Optional) List of init containers belonging to the pod. Init containers always run to completion and each must complete successfully before the next is started. For more info see Kubernetes referencedns_policy
- (Optional) Set DNS policy for containers within the pod. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. Optional: Defaults to 'ClusterFirst', see Kubernetes reference.dns_config
- (Optional) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. Defaults to empty. See dns_config
block definition below.enable_service_links
- (Optional) Enables generating environment variables for service discovery. Optional: Defaults to true. For more info see Kubernetes reference.host_aliases
- (Optional) List of hosts and IPs that will be injected into the pod's hosts file if specified. Optional: Defaults to empty. See host_aliases
block definition below.host_ipc
- (Optional) Use the host's ipc namespace. Optional: Defaults to false.host_network
- (Optional) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified.host_pid
- (Optional) Use the host's pid namespace.hostname
- (Optional) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.image_pull_secrets
- (Optional) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. For more info see Kubernetes referencenode_name
- (Optional) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements.node_selector
- (Optional) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. For more info see Kubernetes reference.os
- (Optional) Specifies the OS of the containers in the pod.priority_class_name
- (Optional) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.restart_policy
- (Optional) Restart policy for all containers within the pod. One of Always, OnFailure, Never. For more info see Kubernetes reference.runtime_class_name
- (Optional) RuntimeClassName is a feature for selecting the container runtime configuration. The container runtime configuration is used to run a Pod's containers. For more info see Kubernetes referencesecurity_context
- (Optional) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to emptyscheduler_name
- (Optional) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.service_account_name
- (Optional) ServiceAccountName is the name of the ServiceAccount to use to run this pod. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/.share_process_namespace
- (Optional) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set.subdomain
- (Optional) If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all..termination_grace_period_seconds
- (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process.toleration
- (Optional) Optional pod node tolerations. For more info see Kubernetes referencetopology_spread_constraint
- (Optional) Describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. For more info see Kubernetes referencevolume
- (Optional) List of volumes that can be mounted by containers belonging to the pod. For more info see Kubernetes referencereadiness_gate
- (Optional) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True". More infoaffinity
node_affinity
- (Optional) Node affinity scheduling rules for the pod. For more info see Kubernetes referencepod_affinity
- (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see Kubernetes referencepod_anti_affinity
- (Optional) Inter-pod topological affinity. rules that specify that certain pods should be placed in the same topological domain (e.g. same node, same rack, same zone, same power domain, etc.) For more info see Kubernetes referencenode_affinity
required_during_scheduling_ignored_during_execution
- (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
preferred_during_scheduling_ignored_during_execution
- (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
required_during_scheduling_ignored_during_execution
node_selector_term
- (Required) A list of node selector terms. The terms are ORed.node_selector_term
match_expressions
- (Optional) A list of node selector requirements by node's labels.
match_fields
- (Optional) A list of node selector requirements by node's fields.
match_expressions
/ match_fields
key
- (Required) The label key that the selector applies to.
operator
- (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
values
- (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
preferred_during_scheduling_ignored_during_execution
preference
- (Required) A node selector term, associated with the corresponding weight.
weight
- (Required) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
preference
match_expressions
- (Optional) A list of node selector requirements by node's labels.
match_fields
- (Optional) A list of node selector requirements by node's fields.
match_expressions
/ match_fields
key
- (Required) The label key that the selector applies to.
operator
- (Required) Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
values
- (Optional) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer.
pod_affinity
required_during_scheduling_ignored_during_execution
- (Optional) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
preferred_during_scheduling_ignored_during_execution
- (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
pod_anti_affinity
required_during_scheduling_ignored_during_execution
- (Optional) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node.
preferred_during_scheduling_ignored_during_execution
- (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
required_during_scheduling_ignored_during_execution
(pod_affinity_term)label_selector
- (Optional) A label query over a set of resources, in this case pods.namespaces
- (Optional) Specifies which namespaces the label_selector
applies to (matches against). Null or empty list means "this pod's namespace"topology_key
- (Optional) This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the label_selector
in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topology_key
matches that of any node on which any of the selected pods is running. Empty topology_key
is not allowed.preferred_during_scheduling_ignored_during_execution
pod_affinity_term
- (Required) A pod affinity term, associated with the corresponding weight.weight
- (Required) Weight associated with matching the corresponding pod_affinity_term
, in the range 1-100.os
name
- (Required) Name is the name of the operating system. The currently supported values are linux
and windows
.container
args
- (Optional) Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see Kubernetes referencecommand
- (Optional) Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. For more info see Kubernetes referenceenv
- (Optional) Block of string name and value pairs to set in the container's environment. May be declared multiple times. Cannot be updated.env_from
- (Optional) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.image
- (Optional) Docker image name. For more info see Kubernetes referenceimage_pull_policy
- (Optional) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. For more info see Kubernetes referencelifecycle
- (Optional) Actions that the management system should take in response to container lifecycle eventsliveness_probe
- (Optional) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. For more info see Kubernetes referencename
- (Required) Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.port
- (Optional) Block(s) of ports to expose on the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. May be used multiple times. Cannot be updated.readiness_probe
- (Optional) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. For more info see Kubernetes referenceresources
- (Optional) Compute Resources required by this container. Cannot be updated. For more info see Kubernetes referencesecurity_context
- (Optional) Security options the pod should run with. For more info see https://kubernetes.io/docs/tasks/configure-pod-container/security-context/.startup_probe
- (Optional) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. For more info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes NOTE: This field is behind a feature gate prior to v1.17stdin
- (Optional) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF.stdin_once
- (Optional) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF.termination_message_path
- (Optional) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Defaults to /dev/termination-log. Cannot be updated.termination_message_policy
- (Optional): Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.tty
- (Optional) Whether this container should allocate a TTY for itselfvolume_mount
- (Optional) Pod volumes to mount into the container's filesystem. Cannot be updated.working_dir
- (Optional) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.aws_elastic_block_store
fs_type
- (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see Kubernetes referencepartition
- (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).read_only
- (Optional) Whether to set the read-only property in VolumeMounts to "true". If omitted, the default is "false". For more info see Kubernetes referencevolume_id
- (Required) Unique ID of the persistent disk resource in AWS (Amazon EBS volume). For more info see Kubernetes referenceazure_disk
caching_mode
- (Required) Host Caching mode: None, Read Only, Read Write.data_disk_uri
- (Required) The URI the data disk in the blob storagedisk_name
- (Required) The Name of the data disk in the blob storagefs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).azure_file
read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).secret_name
- (Required) The name of secret that contains Azure Storage Account Name and Keyshare_name
- (Required) Share Namecapabilities
add
- (Optional) Added capabilitiesdrop
- (Optional) Removed capabilitiesceph_fs
monitors
- (Required) Monitors is a collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.path
- (Optional) Used as the mounted root, rather than the full Ceph tree, default is /.read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false
(read/write). For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.secret_file
- (Optional) The path to key ring for User, default is /etc/ceph/user.secret. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.secret_ref
- (Optional) Reference to the authentication secret for User, default is empty. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.user
- (Optional) User is the rados user name, default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/cephfs/#how-to-use-it.cinder
fs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write). For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.volume_id
- (Required) Volume ID used to identify the volume in Cinder. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.config_map
default_mode
- (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.items
- (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional
. Paths must be relative and may not contain the '..' path or start with '..'.optional
- (Optional) Specify whether the ConfigMap or its keys must be defined.name
- (Optional) Name of the referent. For more info see Kubernetes referenceconfig_map_ref
name
- (Required) Name of the referent. For more info see Kubernetes referenceoptional
- (Optional) Specify whether the ConfigMap must be definedconfig_map_key_ref
key
- (Optional) The key to select.name
- (Optional) Name of the referent. For more info see Kubernetes referenceoptional
- (Optional) Specify whether the Secret or its key must be defineddns_config
nameservers
- (Optional) A list of DNS name server IP addresses specified as strings. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. Optional: Defaults to empty.option
- (Optional) A list of DNS resolver options specified as blocks with name
/value
pairs. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. Optional: Defaults to empty.searches
- (Optional) A list of DNS search domains for host-name lookup specified as strings. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. Optional: Defaults to empty.The option
block supports the following:
name
- (Required) Name of the option.value
- (Optional) Value of the option. Optional: Defaults to empty.downward_api
default_mode
- (Optional) Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.items
- (Optional) If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error. Paths must be relative and may not contain the '..' path or start with '..'.empty_dir
medium
- (Optional) What type of storage medium should back this directory. The default is "" which means to use the node's default medium. Must be an empty string (default) or Memory. For more info see Kubernetes referencesize_limit
- (Optional) Total amount of local storage required for this EmptyDir volume. For more info see Kubernetes reference and Kubernetes Quantity type.env
name
- (Required) Name of the environment variable. Must be a C_IDENTIFIERvalue
- (Optional) Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".value_from
- (Optional) Source for the environment variable's valueenv_from
config_map_ref
- (Optional) The ConfigMap to select fromprefix
- (Optional) An optional identifer to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER..secret_ref
- (Optional) The Secret to select fromexec
command
- (Optional) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.fc
fs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.lun
- (Required) FC target lun numberread_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false (read/write).target_ww_ns
- (Required) FC target worldwide names (WWNs)field_ref
api_version
- (Optional) Version of the schema the FieldPath is written in terms of, defaults to "v1".field_path
- (Optional) Path of the field to select in the specified API versionflex_volume
driver
- (Required) Driver is the name of the driver to use for this volume.fs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.options
- (Optional) Extra command options if any.read_only
- (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false (read/write).secret_ref
- (Optional) Reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.flocker
dataset_name
- (Optional) Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecateddataset_uuid
- (Optional) UUID of the dataset. This is unique identifier of a Flocker datasetgce_persistent_disk
fs_type
- (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see Kubernetes referencepartition
- (Optional) The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). For more info see Kubernetes referencepd_name
- (Required) Unique name of the PD resource in GCE. Used to identify the disk in GCE. For more info see Kubernetes referenceread_only
- (Optional) Whether to force the ReadOnly setting in VolumeMounts. Defaults to false. For more info see Kubernetes referencegit_repo
directory
- (Optional) Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.repository
- (Optional) Repository URLrevision
- (Optional) Commit hash for the specified revision.glusterfs
endpoints_name
- (Required) The endpoint name that details Glusterfs topology. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.path
- (Required) The Glusterfs volume path. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.read_only
- (Optional) Whether to force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#create-a-pod.grpc
port
- (Required) Number of the port to access on the container. Number must be in the range 1 to 65535.service
- (Optional) Name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC.host_aliases
hostnames
- (Required) Array of hostnames for the IP address.ip
- (Required) IP address of the host file entry.host_path
path
- (Optional) Path of the directory on the host. For more info see Kubernetes referencetype
- (Optional) Type for HostPath volume. Defaults to "". For more info see Kubernetes referencehttp_get
host
- (Optional) Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead.http_header
- (Optional) Scheme to use for connecting to the host.path
- (Optional) Path to access on the HTTP server.port
- (Optional) Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.scheme
- (Optional) Scheme to use for connecting to the host.http_header
name
- (Optional) The header field namevalue
- (Optional) The header field valueimage_pull_secrets
name
- (Required) Name of the referent. For more info see Kubernetes referenceiscsi
fs_type
- (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see Kubernetes referenceiqn
- (Required) Target iSCSI Qualified Name.iscsi_interface
- (Optional) iSCSI interface name that uses an iSCSI transport. Defaults to 'default' (tcp).lun
- (Optional) iSCSI target lun number.read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false.target_portal
- (Required) iSCSI target portal. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).items
key
- (Optional) The key to project.mode
- (Optional) Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.path
- (Optional) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.lifecycle
post_start
- (Optional) post_start is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. For more info see Kubernetes referencepre_stop
- (Optional) pre_stop is called immediately before a container is terminated. The container is terminated after the handler completes. The reason for termination is passed to the handler. Regardless of the outcome of the handler, the container is eventually terminated. Other management of the container blocks until the hook completes. For more info see Kubernetes referenceliveness_probe
exec
- (Optional) exec specifies the action to take.failure_threshold
- (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.grpc
- (Optional) GRPC specifies an action involving a GRPC port. NOTE: This field is behind a feature gate prior to v1.24http_get
- (Optional) Specifies the http request to perform.initial_delay_seconds
- (Optional) Number of seconds after the container has started before liveness probes are initiated. For more info see Kubernetes referenceperiod_seconds
- (Optional) How often (in seconds) to perform the probesuccess_threshold
- (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.tcp_socket
- (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supportedtimeout_seconds
- (Optional) Number of seconds after which the probe times out. For more info see Kubernetes referencenfs
path
- (Required) Path that is exported by the NFS server. For more info see Kubernetes referenceread_only
- (Optional) Whether to force the NFS export to be mounted with read-only permissions. Defaults to false. For more info see Kubernetes referenceserver
- (Required) Server is the hostname or IP address of the NFS server. For more info see Kubernetes referencepersistent_volume_claim
claim_name
- (Optional) ClaimName is the name of a PersistentVolumeClaim in the sameread_only
- (Optional) Will force the ReadOnly setting in VolumeMounts.photon_persistent_disk
fs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.pd_id
- (Required) ID that identifies Photon Controller persistent diskport
container_port
- (Required) Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.host_ip
- (Optional) What host IP to bind the external port to.host_port
- (Optional) Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.name
- (Optional) If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by servicesprotocol
- (Optional) Protocol for port. Must be UDP or TCP. Defaults to "TCP".post_start
exec
- (Optional) exec specifies the action to take.http_get
- (Optional) Specifies the http request to perform.tcp_socket
- (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supportedpre_stop
exec
- (Optional) exec specifies the action to take.http_get
- (Optional) Specifies the http request to perform.tcp_socket
- (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supportedquobyte
group
- (Optional) Group to map volume access to Default is no groupread_only
- (Optional) Whether to force the Quobyte volume to be mounted with read-only permissions. Defaults to false.registry
- (Required) Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumesuser
- (Optional) User to map volume access to Defaults to serivceaccount uservolume
- (Required) Volume is a string that references an already created Quobyte volume by name.rbd
ceph_monitors
- (Required) A collection of Ceph monitors. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.fs_type
- (Optional) Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. For more info see Kubernetes referencekeyring
- (Optional) Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.rados_user
- (Optional) The rados user name. Default is admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.rbd_image
- (Required) The rados image name. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.rbd_pool
- (Optional) The rados pool name. Default is rbd. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.read_only
- (Optional) Whether to force the read-only setting in VolumeMounts. Defaults to false. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.secret_ref
- (Optional) Name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. For more info see https://github.com/kubernetes/examples/tree/master/volumes/rbd/#how-to-use-it.readiness_probe
exec
- (Optional) exec specifies the action to take.failure_threshold
- (Optional) Minimum consecutive failures for the probe to be considered failed after having succeeded.grpc
- (Optional) GRPC specifies an action involving a GRPC port. NOTE: This field is behind a feature gate prior to v1.24http_get
- (Optional) Specifies the http request to perform.initial_delay_seconds
- (Optional) Number of seconds after the container has started before readiness probes are initiated. For more info see Kubernetes referenceperiod_seconds
- (Optional) How often (in seconds) to perform the probesuccess_threshold
- (Optional) Minimum consecutive successes for the probe to be considered successful after having failed.tcp_socket
- (Optional) TCPSocket specifies an action involving a TCP port. TCP hooks not yet supportedtimeout_seconds
- (Optional) Number of seconds after which the probe times out. For more info see Kubernetes referenceresources
limits
- (Optional) Describes the maximum amount of compute resources allowed. For more info see Kubernetes referencerequests
- (Optional) Describes the minimum amount of compute resources required.resources
is a computed attribute and thus if it is not configured in terraform code, the value will be computed from the returned Kubernetes object. That causes a situation when removing resources
from terraform code does not update the Kubernetes object. In order to delete resources
from the Kubernetes object, configure an empty attribute in your code.
Please, look at the example below:
resources {
limits = {}
requests = {}
}
resource_field_ref
container_name
- (Optional) The name of the containerresource
- (Required) Resource to selectdivisor
- (Optional) Specifies the output format of the exposed resources, defaults to "1".seccomp_profile
type
- Indicates which kind of seccomp profile will be applied. Valid options are:
Localhost
- a profile defined in a file on the node should be used.RuntimeDefault
- the container runtime default profile should be used.Unconfined
- (Default) no profile should be applied.localhost_profile
- Indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type
is Localhost
.se_linux_options
level
- (Optional) Level is SELinux level label that applies to the container.role
- (Optional) Role is a SELinux role label that applies to the container.type
- (Optional) Type is a SELinux type label that applies to the container.user
- (Optional) User is a SELinux user label that applies to the container.secret
default_mode
- (Optional) Mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.items
- (Optional) List of Secret Items to project into the volume. See items
block definition below. If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional
. Paths must be relative and may not contain the '..' path or start with '..'.optional
- (Optional) Specify whether the Secret or its keys must be defined.secret_name
- (Optional) Name of the secret in the pod's namespace to use. For more info see Kubernetes referenceThe items
block supports the following:
key
- (Required) The key to project.mode
- (Optional) Mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used.path
- (Required) The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.secret_ref
name
- (Required) Name of the referent. For more info see Kubernetes referenceoptional
- (Optional) Specify whether the Secret must be definedsecret_key_ref
key
- (Optional) The key of the secret to select from. Must be a valid secret key.name
- (Optional) Name of the referent. For more info see Kubernetes referenceoptional
- (Optional) Specify whether the Secret or its key must be definedsecret_ref
name
- (Optional) Name of the referent. For more info see Kubernetes referencesecurity_context
allow_privilege_escalation
- (Optional) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMINcapabilities
- (Optional) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime.privileged
- (Optional) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.read_only_root_filesystem
- (Optional) Whether this container has a read-only root filesystem. Default is false.run_as_group
- (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.run_as_non_root
- (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.run_as_user
- (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.seccomp_profile
- The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.se_linux_options
- (Optional) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.sysctl
- (Optional) holds a list of namespaced sysctls used for the pod. see Sysctl block. See official docs for more details.name
- (Required) Name of a property to set.value
- (Required) Value of a property to set.capabilities
add
- (Optional) A list of added capabilities.drop
- (Optional) A list of removed capabilities.security_context
fs_group
- (Optional) A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.run_as_group
- (Optional) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.run_as_non_root
- (Optional) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.run_as_user
- (Optional) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.seccomp_profile
- The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.se_linux_options
- (Optional) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container.supplemental_groups
- (Optional) A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container.tcp_socket
port
- (Required) Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.toleration
effect
- (Optional) Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.key
- (Optional) Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.operator
- (Optional) Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.toleration_seconds
- (Optional) TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.value
- (Optional) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.topology_spread_constraint
match_label_keys
- (Optional) Is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both match_label_keys
and label_selector
. match_label_keys
cannot be set when label_selector
isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against label_selector
.max_skew
- (Optional) Describes the degree to which pods may be unevenly distributed. Default value is 1
.min_domains
- (Optional) Indicates a minimum number of eligible domains. Must be number greater than 0
. When set, when_unsatisfiable
must be set to DoNotSchedule
.node_affinity_policy
- (Optional) Indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Valid values are Honor
and Ignore
. When unset, behavior defaults to Honor
.node_taints_policy
- (Optional) Indicates how we will treat node taints when calculating pod topology spread skew. Valid values are Honor
and Ignore
. When unset, behavior defaults to Ignore
.topology_key
- (Optional) The key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology.when_unsatisfiable
- (Optional) Indicates how to deal with a pod if it doesn't satisfy the spread constraint. Valid values are DoNotSchedule
and ScheduleAnyway
. Default value is DoNotSchedule
.label_selector
- (Optional) A label query over a set of resources, in this case pods.value_from
config_map_key_ref
- (Optional) Selects a key of a ConfigMap.field_ref
- (Optional) Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP.resource_field_ref
- (Optional) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.secret_key_ref
- (Optional) Selects a key of a secret in the pod's namespace.projected
default_mode
- (Optional) Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.sources
- (Required) List of volume projection sourcessources
config_map
- (Optional) Adapts a ConfigMap into a projected volume. The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.downward_api
- (Optional) Represents downward API info for projecting into a projected volume. Note that this is identical to a downward_api volume source without the default mode.secret
- (Optional) Adapts a secret into a projected volume. The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.service_account_token
- (Optional) Represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).service_account_token
audience
- (Optional) Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.expiration_seconds
- (Optional) The requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.path
- (Required) Path is the path relative to the mount point of the file to project the token into.volume
aws_elastic_block_store
- (Optional) Represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. For more info see Kubernetes referenceazure_disk
- (Optional) Represents an Azure Data Disk mount on the host and bind mount to the pod.azure_file
- (Optional) Represents an Azure File Service mount on the host and bind mount to the pod.ceph_fs
- (Optional) Represents a Ceph FS mount on the host that shares a pod's lifetimecinder
- (Optional) Represents a cinder volume attached and mounted on kubelets host machine. For more info see https://github.com/kubernetes/examples/blob/master/mysql-cinder-pd/README.md#mysql-installation-with-cinder-volume-plugin.config_map
- (Optional) ConfigMap represents a configMap that should populate this volumedownward_api
- (Optional) DownwardAPI represents downward API about the pod that should populate this volumeempty_dir
- (Optional) EmptyDir represents a temporary directory that shares a pod's lifetime. For more info see Kubernetes referenceephemeral
- (Optional) Represents an ephemeral volume that is handled by a normal storage driver. For more info see Kubernetes referencefc
- (Optional) Represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.flex_volume
- (Optional) Represents a generic volume resource that is provisioned/attached using an exec based plugin. This is an alpha feature and may change in future.flocker
- (Optional) Represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being runninggce_persistent_disk
- (Optional) Represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. For more info see Kubernetes referencegit_repo
- (Optional) GitRepo represents a git repository at a particular revision.glusterfs
- (Optional) Represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. For more info see https://github.com/kubernetes/examples/tree/master/volumes/glusterfs#glusterfs.host_path
- (Optional) Represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. For more info see Kubernetes referenceiscsi
- (Optional) Represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.name
- (Optional) Volume's name. Must be a DNS_LABEL and unique within the pod. For more info see Kubernetes referencenfs
- (Optional) Represents an NFS mount on the host. Provisioned by an admin. For more info see Kubernetes referencepersistent_volume_claim
- (Optional) The specification of a persistent volume.photon_persistent_disk
- (Optional) Represents a PhotonController persistent disk attached and mounted on kubelets host machineprojected
(Optional) Items for all in one resources secrets, configmaps, and downward API.quobyte
- (Optional) Quobyte represents a Quobyte mount on the host that shares a pod's lifetimerbd
- (Optional) Represents a Rados Block Device mount on the host that shares a pod's lifetime. For more info see https://kubernetes.io/docs/concepts/storage/volumes/#rbd.secret
- (Optional) Secret represents a secret that should populate this volume. For more info see Kubernetes referencevsphere_volume
- (Optional) Represents a vSphere volume attached and mounted on kubelets host machinevolume_mount
mount_path
- (Required) Path within the container at which the volume should be mounted. Must not contain ':'.name
- (Required) This must match the Name of a Volume.read_only
- (Optional) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.sub_path
- (Optional) Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).mount_propagation
- (Optional) Mount propagation mode. Defaults to "None". For more info see Kubernetes referencevsphere_volume
fs_type
- (Optional) Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.volume_path
- (Required) Path that identifies vSphere volume vmdkephemeral
volume_claim_template
- (Required) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC.volume_claim_template
metadata
- (Optional) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.spec
- (Required) Please see the persistent_volume_claim_v1 resource for reference.readiness_gate
condition_type
- (Required) refers to a condition in the pod's condition list with matching type.The following Timeout configuration options are available for the kubernetes_pod_v1
resource:
create
- (Default 5 minutes
) Used for Creating Pods.delete
- (Default 5 minutes
) Used for Destroying Pods.Pod can be imported using the namespace and name, e.g.
$ terraform import kubernetes_pod_v1.example default/terraform-example