云原生|kubernetes|kubernetes资源备份和集群迁移神器velero的部署和使用

前言:

kubernetes集群需要灾备吗?kubernetes需要迁移吗? 答案肯定是需要的

那么,如何做kubernetes灾备和迁移呢?当然了,有很多的方法,例如,自己编写shell脚本,或者使用专业的灾备工具,但shell编写复杂,也可能会有所遗漏,对比其它的kubernetes专业备份软件,很多备份条件苛刻,安装部署困难,或者恢复只能一把梭,也就是备份和恢复不太灵活的那种样子,比如,Kasten K10 就部署比较麻烦(过于重),备份也不太灵光的样子。

velero 这个备份工具比较好,优点有 部署简单,快速,备份范围可定制,例如只备份deployment这样的资源,只备份某个namespace等等,也就是备份范围灵活,可控,恢复速度也是很快的,在kubernetes集群迁移方面也是基本没有缺点,只是在安全性方面可能不是特别的确定,因为velero主要是基于对象存储插件来备份的,一般是obs,oss或者minio,而这些面向对象存储的安全性无法确定的保障,关键的是该软件是go语言编写的,天生和kubernetes这样的云原生对味。

下面本文将就velero的部署和基本使用做一个介绍。

一,

示例环境介绍

VMware虚拟机,四台服务器,IP地址分别是192.168.123.11,192.168.123.12,192.168.123.13,192.168.123.14 操作系统是centos-7.5 ,内核版本是3.10, kubernetes集群是通过kubekey部署的,版本是1.23.16, 三个master节点,一个工作节点:

下面是环境详情:

bash 复制代码
[root@node4 nginx-app]# k get no
NAME    STATUS   ROLES                  AGE    VERSION
node1   Ready    control-plane,master   160d   v1.23.16
node2   Ready    control-plane,master   160d   v1.23.16
node3   Ready    control-plane,master   160d   v1.23.16
node4   Ready    worker                 160d   v1.23.16
[root@node4 nginx-app]# cat /etc/redhat-release 
CentOS Linux release 7.7.1908 (Core)

[root@node4 nginx-app]# uname -a
Linux node4 3.10.0-1062.el7.x86_64 #1 SMP Wed Aug 7 18:08:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux


[root@node4 nginx-app]# k top no
NAME    CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
node1   162m         4%     3131Mi          96%       
node2   136m         3%     2958Mi          90%       
node3   132m         3%     3047Mi          93%       
node4   104m         2%     1609Mi          49%   
[root@node4 nginx-app]# k get po -A -owide
NAMESPACE     NAME                                       READY   STATUS    RESTARTS         AGE     IP               NODE    NOMINATED NODE   READINESS GATES
kube-system   calico-kube-controllers-84897d7cdf-crnmk   1/1     Running   1 (15h ago)      18h     10.244.32.17     node2   <none>           <none>
kube-system   calico-node-2m7hp                          1/1     Running   15 (13d ago)     160d    192.168.123.11   node1   <none>           <none>
kube-system   calico-node-5ztjk                          1/1     Running   8 (18h ago)      160d    192.168.123.14   node4   <none>           <none>
kube-system   calico-node-96dmb                          1/1     Running   9 (39d ago)      160d    192.168.123.13   node3   <none>           <none>
kube-system   calico-node-rqp2p                          1/1     Running   213 (15h ago)    160d    192.168.123.12   node2   <none>           <none>
kube-system   coredns-b7c47bcdc-6vdk2                    1/1     Running   0                39d     10.244.26.10     node1   <none>           <none>
kube-system   coredns-b7c47bcdc-db9cp                    1/1     Running   1 (15h ago)      18h     10.244.32.18     node2   <none>           <none>
kube-system   haproxy-node4                              1/1     Running   5 (18h ago)      160d    192.168.123.14   node4   <none>           <none>
kube-system   kube-apiserver-node1                       1/1     Running   161 (104d ago)   160d    192.168.123.11   node1   <none>           <none>
kube-system   kube-apiserver-node2                       1/1     Running   8 (15h ago)      160d    192.168.123.12   node2   <none>           <none>
kube-system   kube-apiserver-node3                       1/1     Running   7 (42h ago)      160d    192.168.123.13   node3   <none>           <none>
kube-system   kube-controller-manager-node1              1/1     Running   12 (43h ago)     160d    192.168.123.11   node1   <none>           <none>
kube-system   kube-controller-manager-node2              1/1     Running   11 (15h ago)     160d    192.168.123.12   node2   <none>           <none>
kube-system   kube-controller-manager-node3              1/1     Running   14 (9h ago)      160d    192.168.123.13   node3   <none>           <none>
kube-system   kube-proxy-649mn                           1/1     Running   5 (18h ago)      160d    192.168.123.14   node4   <none>           <none>
kube-system   kube-proxy-7q7ts                           1/1     Running   6 (39d ago)      160d    192.168.123.13   node3   <none>           <none>
kube-system   kube-proxy-dmd7v                           1/1     Running   8 (15h ago)      160d    192.168.123.12   node2   <none>           <none>
kube-system   kube-proxy-fpb6z                           1/1     Running   5 (104d ago)     160d    192.168.123.11   node1   <none>           <none>
kube-system   kube-scheduler-node1                       1/1     Running   15 (2d20h ago)   160d    192.168.123.11   node1   <none>           <none>
kube-system   kube-scheduler-node2                       1/1     Running   12 (15h ago)     160d    192.168.123.12   node2   <none>           <none>
kube-system   kube-scheduler-node3                       1/1     Running   12 (42h ago)     160d    192.168.123.13   node3   <none>           <none>
kube-system   kube-state-metrics-57794dcf65-rl967        1/1     Running   0                4h38m   10.244.41.62     node4   <none>           <none>
kube-system   metrics-server-5fcc7b68b7-wsrk7            1/1     Running   2 (4h38m ago)    4h38m   10.244.41.63     node4   <none>           <none>
kube-system   nodelocaldns-565pz                         1/1     Running   8 (15h ago)      160d    192.168.123.12   node2   <none>           <none>
kube-system   nodelocaldns-dpwlx                         1/1     Running   6 (39d ago)      160d    192.168.123.13   node3   <none>           <none>
kube-system   nodelocaldns-ndlbw                         1/1     Running   5 (18h ago)      160d    192.168.123.14   node4   <none>           <none>
kube-system   nodelocaldns-r8gjl                         1/1     Running   5 (104d ago)     160d    192.168.123.11   node1   <none>           <none>
velero        nginx-6888c79454-rhgdw                     1/1     Running   0                4h8m    10.244.41.67     node4   <none>           <none>
velero        restic-2wkqs                               1/1     Running   0                4h8m    10.244.32.21     node2   <none>           <none>
velero        restic-kw2wl                               1/1     Running   0                4h8m    10.244.26.13     node1   <none>           <none>
velero        restic-qv6rn                               1/1     Running   0                4h8m    10.244.28.10     node3   <none>           <none>
velero        restic-ssfrg                               1/1     Running   0                4h8m    10.244.41.65     node4   <none>           <none>
velero        velero-fbb9469f6-vf4z5                     1/1     Running   0                4h8m    10.244.41.64     node4   <none>           <none>

二,

velero的强依赖

前面也说了velero需要对象存储插件或者服务,这里可以是oss,obs,minio这样的常用的对象存储,本例既然是做实验,当然不会搞一个云厂商主流的oos,显然部署oos是不现实的嘛,那么,minio还是可以搞一搞的,前两天已经把部署minio分布式集群写过了,在这里就不重复了,见我的博客:

云原生|对象存储|minio分布式集群的搭建和初步使用(可用于生产)-CSDN博客

三,

velero的下载和部署

下载地址: https://github.com/vmware-tanzu/velero/releases?page=4

本例使用的版本是velero-v1.9.4-linux-amd64.tar.gz

部署:

解压文件后,扔到/usr/bin/目录下即可,确认版本,最好是放置在kubernetes集群的管理节点,因为velero需要使用KUBECONFIG来获取备份所需的信息:

bash 复制代码
[root@node4 nginx-app]# velero version
Client:
	Version: v1.9.4
	Git commit: ddfc962282783cf2f0bf364c9d721f88fa4cc058
Server:
	Version: v1.9.4

该命令可以像kubelet一样设置自动补全,Linux下的自动补全非常简单,前提是安装bash_complete:

bash 复制代码
velero completion bash >/etc/bash_completion.d/velero

If you have an alias for velero, you can extend shell completion to work with that alias(如果需要简化命令和自动补全,执行下面的命令即可):

bash 复制代码
echo 'alias v=velero' >>~/.bashrc
echo 'complete -F __start_velero v' >>~/.bashrc

下面是通过命令生成部署清单文件,一般不建议直接安装,毕竟留一个安装文件也好及时调整修改嘛(--dry-run 然后输出为yaml):

minio的console用户和密码

bash 复制代码
[root@node4 ~]# cat credentials-velero 
[default]
aws_access_key_id=minioadmin
aws_secret_access_key=minioadmin

需要注意,kubernetes集群的版本必须是1.16及以上,如果是使用minio,下面的命令不需要更改,s3url根据实际情况填写,minio登录web管理界面,创建一个桶,桶名称为velero 就可以了

bash 复制代码
velero install     --use-restic     --provider aws     --plugins velero/velero-plugin-for-aws:v1.5.0     --bucket velero     --secret-file /root/credentials-velero     --use-volume-snapshots=false     --backup-location-config region=minio,s3ForcePathStyle="true",s3Url=http://192.168.123.11:39111     --dry-run -o yaml > velero.yaml

部署清单文件的内容(内容非常长):

bash 复制代码
apiVersion: v1
items:
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: backups.velero.io
  spec:
    group: velero.io
    names:
      kind: Backup
      listKind: BackupList
      plural: backups
      singular: backup
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: Backup is a Velero resource that represents the capture of
            Kubernetes cluster state at a point in time (API objects and associated
            volume state).
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: BackupSpec defines the specification for a Velero backup.
              properties:
                csiSnapshotTimeout:
                  description: CSISnapshotTimeout specifies the time used to wait
                    for CSI VolumeSnapshot status turns to ReadyToUse during creation,
                    before returning error as timeout. The default value is 10 minute.
                  type: string
                defaultVolumesToRestic:
                  description: DefaultVolumesToRestic specifies whether restic should
                    be used to take a backup of all pod volumes by default.
                  type: boolean
                excludedNamespaces:
                  description: ExcludedNamespaces contains a list of namespaces that
                    are not included in the backup.
                  items:
                    type: string
                  nullable: true
                  type: array
                excludedResources:
                  description: ExcludedResources is a slice of resource names that
                    are not included in the backup.
                  items:
                    type: string
                  nullable: true
                  type: array
                hooks:
                  description: Hooks represent custom behaviors that should be executed
                    at different phases of the backup.
                  properties:
                    resources:
                      description: Resources are hooks that should be executed when
                        backing up individual instances of a resource.
                      items:
                        description: BackupResourceHookSpec defines one or more BackupResourceHooks
                          that should be executed based on the rules defined for namespaces,
                          resources, and label selector.
                        properties:
                          excludedNamespaces:
                            description: ExcludedNamespaces specifies the namespaces
                              to which this hook spec does not apply.
                            items:
                              type: string
                            nullable: true
                            type: array
                          excludedResources:
                            description: ExcludedResources specifies the resources
                              to which this hook spec does not apply.
                            items:
                              type: string
                            nullable: true
                            type: array
                          includedNamespaces:
                            description: IncludedNamespaces specifies the namespaces
                              to which this hook spec applies. If empty, it applies
                              to all namespaces.
                            items:
                              type: string
                            nullable: true
                            type: array
                          includedResources:
                            description: IncludedResources specifies the resources
                              to which this hook spec applies. If empty, it applies
                              to all resources.
                            items:
                              type: string
                            nullable: true
                            type: array
                          labelSelector:
                            description: LabelSelector, if specified, filters the
                              resources to which this hook spec applies.
                            nullable: true
                            properties:
                              matchExpressions:
                                description: matchExpressions is a list of label selector
                                  requirements. The requirements are ANDed.
                                items:
                                  description: A label selector requirement is a selector
                                    that contains values, a key, and an operator that
                                    relates the key and values.
                                  properties:
                                    key:
                                      description: key is the label key that the selector
                                        applies to.
                                      type: string
                                    operator:
                                      description: operator represents a key's relationship
                                        to a set of values. Valid operators are In,
                                        NotIn, Exists and DoesNotExist.
                                      type: string
                                    values:
                                      description: values is an array of string values.
                                        If the operator is In or NotIn, the values
                                        array must be non-empty. If the operator is
                                        Exists or DoesNotExist, the values array must
                                        be empty. This array is replaced during a
                                        strategic merge patch.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                  - key
                                  - operator
                                  type: object
                                type: array
                              matchLabels:
                                additionalProperties:
                                  type: string
                                description: matchLabels is a map of {key,value} pairs.
                                  A single {key,value} in the matchLabels map is equivalent
                                  to an element of matchExpressions, whose key field
                                  is "key", the operator is "In", and the values array
                                  contains only "value". The requirements are ANDed.
                                type: object
                            type: object
                          name:
                            description: Name is the name of this hook.
                            type: string
                          post:
                            description: PostHooks is a list of BackupResourceHooks
                              to execute after storing the item in the backup. These
                              are executed after all "additional items" from item
                              actions are processed.
                            items:
                              description: BackupResourceHook defines a hook for a
                                resource.
                              properties:
                                exec:
                                  description: Exec defines an exec hook.
                                  properties:
                                    command:
                                      description: Command is the command and arguments
                                        to execute.
                                      items:
                                        type: string
                                      minItems: 1
                                      type: array
                                    container:
                                      description: Container is the container in the
                                        pod where the command should be executed.
                                        If not specified, the pod's first container
                                        is used.
                                      type: string
                                    onError:
                                      description: OnError specifies how Velero should
                                        behave if it encounters an error executing
                                        this hook.
                                      enum:
                                      - Continue
                                      - Fail
                                      type: string
                                    timeout:
                                      description: Timeout defines the maximum amount
                                        of time Velero should wait for the hook to
                                        complete before considering the execution
                                        a failure.
                                      type: string
                                  required:
                                  - command
                                  type: object
                              required:
                              - exec
                              type: object
                            type: array
                          pre:
                            description: PreHooks is a list of BackupResourceHooks
                              to execute prior to storing the item in the backup.
                              These are executed before any "additional items" from
                              item actions are processed.
                            items:
                              description: BackupResourceHook defines a hook for a
                                resource.
                              properties:
                                exec:
                                  description: Exec defines an exec hook.
                                  properties:
                                    command:
                                      description: Command is the command and arguments
                                        to execute.
                                      items:
                                        type: string
                                      minItems: 1
                                      type: array
                                    container:
                                      description: Container is the container in the
                                        pod where the command should be executed.
                                        If not specified, the pod's first container
                                        is used.
                                      type: string
                                    onError:
                                      description: OnError specifies how Velero should
                                        behave if it encounters an error executing
                                        this hook.
                                      enum:
                                      - Continue
                                      - Fail
                                      type: string
                                    timeout:
                                      description: Timeout defines the maximum amount
                                        of time Velero should wait for the hook to
                                        complete before considering the execution
                                        a failure.
                                      type: string
                                  required:
                                  - command
                                  type: object
                              required:
                              - exec
                              type: object
                            type: array
                        required:
                        - name
                        type: object
                      nullable: true
                      type: array
                  type: object
                includeClusterResources:
                  description: IncludeClusterResources specifies whether cluster-scoped
                    resources should be included for consideration in the backup.
                  nullable: true
                  type: boolean
                includedNamespaces:
                  description: IncludedNamespaces is a slice of namespace names to
                    include objects from. If empty, all namespaces are included.
                  items:
                    type: string
                  nullable: true
                  type: array
                includedResources:
                  description: IncludedResources is a slice of resource names to include
                    in the backup. If empty, all resources are included.
                  items:
                    type: string
                  nullable: true
                  type: array
                labelSelector:
                  description: LabelSelector is a metav1.LabelSelector to filter with
                    when adding individual objects to the backup. If empty or nil,
                    all objects are included. Optional.
                  nullable: true
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector requirements.
                        The requirements are ANDed.
                      items:
                        description: A label selector requirement is a selector that
                          contains values, a key, and an operator that relates the
                          key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies
                              to.
                            type: string
                          operator:
                            description: operator represents a key's relationship
                              to a set of values. Valid operators are In, NotIn, Exists
                              and DoesNotExist.
                            type: string
                          values:
                            description: values is an array of string values. If the
                              operator is In or NotIn, the values array must be non-empty.
                              If the operator is Exists or DoesNotExist, the values
                              array must be empty. This array is replaced during a
                              strategic merge patch.
                            items:
                              type: string
                            type: array
                        required:
                        - key
                        - operator
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: matchLabels is a map of {key,value} pairs. A single
                        {key,value} in the matchLabels map is equivalent to an element
                        of matchExpressions, whose key field is "key", the operator
                        is "In", and the values array contains only "value". The requirements
                        are ANDed.
                      type: object
                  type: object
                metadata:
                  properties:
                    labels:
                      additionalProperties:
                        type: string
                      type: object
                  type: object
                orLabelSelectors:
                  description: OrLabelSelectors is list of metav1.LabelSelector to
                    filter with when adding individual objects to the backup. If multiple
                    provided they will be joined by the OR operator. LabelSelector
                    as well as OrLabelSelectors cannot co-exist in backup request,
                    only one of them can be used.
                  items:
                    description: A label selector is a label query over a set of resources.
                      The result of matchLabels and matchExpressions are ANDed. An
                      empty label selector matches all objects. A null label selector
                      matches no objects.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                  nullable: true
                  type: array
                orderedResources:
                  additionalProperties:
                    type: string
                  description: OrderedResources specifies the backup order of resources
                    of specific Kind. The map key is the Kind name and value is a
                    list of resource names separated by commas. Each resource name
                    has format "namespace/resourcename".  For cluster resources, simply
                    use "resourcename".
                  nullable: true
                  type: object
                snapshotVolumes:
                  description: SnapshotVolumes specifies whether to take cloud snapshots
                    of any PV's referenced in the set of objects included in the Backup.
                  nullable: true
                  type: boolean
                storageLocation:
                  description: StorageLocation is a string containing the name of
                    a BackupStorageLocation where the backup should be stored.
                  type: string
                ttl:
                  description: TTL is a time.Duration-parseable string describing
                    how long the Backup should be retained for.
                  type: string
                volumeSnapshotLocations:
                  description: VolumeSnapshotLocations is a list containing names
                    of VolumeSnapshotLocations associated with this backup.
                  items:
                    type: string
                  type: array
              type: object
            status:
              description: BackupStatus captures the current status of a Velero backup.
              properties:
                completionTimestamp:
                  description: CompletionTimestamp records the time a backup was completed.
                    Completion time is recorded even on failed backups. Completion
                    time is recorded before uploading the backup object. The server's
                    time is used for CompletionTimestamps
                  format: date-time
                  nullable: true
                  type: string
                csiVolumeSnapshotsAttempted:
                  description: CSIVolumeSnapshotsAttempted is the total number of
                    attempted CSI VolumeSnapshots for this backup.
                  type: integer
                csiVolumeSnapshotsCompleted:
                  description: CSIVolumeSnapshotsCompleted is the total number of
                    successfully completed CSI VolumeSnapshots for this backup.
                  type: integer
                errors:
                  description: Errors is a count of all error messages that were generated
                    during execution of the backup.  The actual errors are in the
                    backup's log file in object storage.
                  type: integer
                expiration:
                  description: Expiration is when this Backup is eligible for garbage-collection.
                  format: date-time
                  nullable: true
                  type: string
                failureReason:
                  description: FailureReason is an error that caused the entire backup
                    to fail.
                  type: string
                formatVersion:
                  description: FormatVersion is the backup format version, including
                    major, minor, and patch version.
                  type: string
                phase:
                  description: Phase is the current state of the Backup.
                  enum:
                  - New
                  - FailedValidation
                  - InProgress
                  - Completed
                  - PartiallyFailed
                  - Failed
                  - Deleting
                  type: string
                progress:
                  description: Progress contains information about the backup's execution
                    progress. Note that this information is best-effort only -- if
                    Velero fails to update it during a backup for any reason, it may
                    be inaccurate/stale.
                  nullable: true
                  properties:
                    itemsBackedUp:
                      description: ItemsBackedUp is the number of items that have
                        actually been written to the backup tarball so far.
                      type: integer
                    totalItems:
                      description: TotalItems is the total number of items to be backed
                        up. This number may change throughout the execution of the
                        backup due to plugins that return additional related items
                        to back up, the velero.io/exclude-from-backup label, and various
                        other filters that happen as items are processed.
                      type: integer
                  type: object
                startTimestamp:
                  description: StartTimestamp records the time a backup was started.
                    Separate from CreationTimestamp, since that value changes on restores.
                    The server's time is used for StartTimestamps
                  format: date-time
                  nullable: true
                  type: string
                validationErrors:
                  description: ValidationErrors is a slice of all validation errors
                    (if applicable).
                  items:
                    type: string
                  nullable: true
                  type: array
                version:
                  description: 'Version is the backup format major version. Deprecated:
                    Please see FormatVersion'
                  type: integer
                volumeSnapshotsAttempted:
                  description: VolumeSnapshotsAttempted is the total number of attempted
                    volume snapshots for this backup.
                  type: integer
                volumeSnapshotsCompleted:
                  description: VolumeSnapshotsCompleted is the total number of successfully
                    completed volume snapshots for this backup.
                  type: integer
                warnings:
                  description: Warnings is a count of all warning messages that were
                    generated during execution of the backup. The actual warnings
                    are in the backup's log file in object storage.
                  type: integer
              type: object
          type: object
      served: true
      storage: true
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: backupstoragelocations.velero.io
  spec:
    group: velero.io
    names:
      kind: BackupStorageLocation
      listKind: BackupStorageLocationList
      plural: backupstoragelocations
      shortNames:
      - bsl
      singular: backupstoragelocation
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - description: Backup Storage Location status such as Available/Unavailable
        jsonPath: .status.phase
        name: Phase
        type: string
      - description: LastValidationTime is the last time the backup store location
          was validated
        jsonPath: .status.lastValidationTime
        name: Last Validated
        type: date
      - jsonPath: .metadata.creationTimestamp
        name: Age
        type: date
      - description: Default backup storage location
        jsonPath: .spec.default
        name: Default
        type: boolean
      name: v1
      schema:
        openAPIV3Schema:
          description: BackupStorageLocation is a location where Velero stores backup
            objects
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: BackupStorageLocationSpec defines the desired state of
                a Velero BackupStorageLocation
              properties:
                accessMode:
                  description: AccessMode defines the permissions for the backup storage
                    location.
                  enum:
                  - ReadOnly
                  - ReadWrite
                  type: string
                backupSyncPeriod:
                  description: BackupSyncPeriod defines how frequently to sync backup
                    API objects from object storage. A value of 0 disables sync.
                  nullable: true
                  type: string
                config:
                  additionalProperties:
                    type: string
                  description: Config is for provider-specific configuration fields.
                  type: object
                credential:
                  description: Credential contains the credential information intended
                    to be used with this location
                  properties:
                    key:
                      description: The key of the secret to select from.  Must be
                        a valid secret key.
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        TODO: Add other useful fields. apiVersion, kind, uid?'
                      type: string
                    optional:
                      description: Specify whether the Secret or its key must be defined
                      type: boolean
                  required:
                  - key
                  type: object
                default:
                  description: Default indicates this location is the default backup
                    storage location.
                  type: boolean
                objectStorage:
                  description: ObjectStorageLocation specifies the settings necessary
                    to connect to a provider's object storage.
                  properties:
                    bucket:
                      description: Bucket is the bucket to use for object storage.
                      type: string
                    caCert:
                      description: CACert defines a CA bundle to use when verifying
                        TLS connections to the provider.
                      format: byte
                      type: string
                    prefix:
                      description: Prefix is the path inside a bucket to use for Velero
                        storage. Optional.
                      type: string
                  required:
                  - bucket
                  type: object
                provider:
                  description: Provider is the provider of the backup storage.
                  type: string
                validationFrequency:
                  description: ValidationFrequency defines how frequently to validate
                    the corresponding object storage. A value of 0 disables validation.
                  nullable: true
                  type: string
              required:
              - objectStorage
              - provider
              type: object
            status:
              description: BackupStorageLocationStatus defines the observed state
                of BackupStorageLocation
              properties:
                accessMode:
                  description: "AccessMode is an unused field. \n Deprecated: there
                    is now an AccessMode field on the Spec and this field will be
                    removed entirely as of v2.0."
                  enum:
                  - ReadOnly
                  - ReadWrite
                  type: string
                lastSyncedRevision:
                  description: "LastSyncedRevision is the value of the `metadata/revision`
                    file in the backup storage location the last time the BSL's contents
                    were synced into the cluster. \n Deprecated: this field is no
                    longer updated or used for detecting changes to the location's
                    contents and will be removed entirely in v2.0."
                  type: string
                lastSyncedTime:
                  description: LastSyncedTime is the last time the contents of the
                    location were synced into the cluster.
                  format: date-time
                  nullable: true
                  type: string
                lastValidationTime:
                  description: LastValidationTime is the last time the backup store
                    location was validated the cluster.
                  format: date-time
                  nullable: true
                  type: string
                message:
                  description: Message is a message about the backup storage location's
                    status.
                  type: string
                phase:
                  description: Phase is the current state of the BackupStorageLocation.
                  enum:
                  - Available
                  - Unavailable
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: deletebackuprequests.velero.io
  spec:
    group: velero.io
    names:
      kind: DeleteBackupRequest
      listKind: DeleteBackupRequestList
      plural: deletebackuprequests
      singular: deletebackuprequest
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - description: The name of the backup to be deleted
        jsonPath: .spec.backupName
        name: BackupName
        type: string
      - description: The status of the deletion request
        jsonPath: .status.phase
        name: Status
        type: string
      name: v1
      schema:
        openAPIV3Schema:
          description: DeleteBackupRequest is a request to delete one or more backups.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: DeleteBackupRequestSpec is the specification for which
                backups to delete.
              properties:
                backupName:
                  type: string
              required:
              - backupName
              type: object
            status:
              description: DeleteBackupRequestStatus is the current status of a DeleteBackupRequest.
              properties:
                errors:
                  description: Errors contains any errors that were encountered during
                    the deletion process.
                  items:
                    type: string
                  nullable: true
                  type: array
                phase:
                  description: Phase is the current state of the DeleteBackupRequest.
                  enum:
                  - New
                  - InProgress
                  - Processed
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: downloadrequests.velero.io
  spec:
    group: velero.io
    names:
      kind: DownloadRequest
      listKind: DownloadRequestList
      plural: downloadrequests
      singular: downloadrequest
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: DownloadRequest is a request to download an artifact from backup
            object storage, such as a backup log file.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: DownloadRequestSpec is the specification for a download
                request.
              properties:
                target:
                  description: Target is what to download (e.g. logs for a backup).
                  properties:
                    kind:
                      description: Kind is the type of file to download.
                      enum:
                      - BackupLog
                      - BackupContents
                      - BackupVolumeSnapshots
                      - BackupItemSnapshots
                      - BackupResourceList
                      - RestoreLog
                      - RestoreResults
                      - CSIBackupVolumeSnapshots
                      - CSIBackupVolumeSnapshotContents
                      type: string
                    name:
                      description: Name is the name of the kubernetes resource with
                        which the file is associated.
                      type: string
                  required:
                  - kind
                  - name
                  type: object
              required:
              - target
              type: object
            status:
              description: DownloadRequestStatus is the current status of a DownloadRequest.
              properties:
                downloadURL:
                  description: DownloadURL contains the pre-signed URL for the target
                    file.
                  type: string
                expiration:
                  description: Expiration is when this DownloadRequest expires and
                    can be deleted by the system.
                  format: date-time
                  nullable: true
                  type: string
                phase:
                  description: Phase is the current state of the DownloadRequest.
                  enum:
                  - New
                  - Processed
                  type: string
              type: object
          type: object
      served: true
      storage: true
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: podvolumebackups.velero.io
  spec:
    group: velero.io
    names:
      kind: PodVolumeBackup
      listKind: PodVolumeBackupList
      plural: podvolumebackups
      singular: podvolumebackup
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - description: Pod Volume Backup status such as New/InProgress
        jsonPath: .status.phase
        name: Status
        type: string
      - description: Time when this backup was started
        jsonPath: .status.startTimestamp
        name: Created
        type: date
      - description: Namespace of the pod containing the volume to be backed up
        jsonPath: .spec.pod.namespace
        name: Namespace
        type: string
      - description: Name of the pod containing the volume to be backed up
        jsonPath: .spec.pod.name
        name: Pod
        type: string
      - description: Name of the volume to be backed up
        jsonPath: .spec.volume
        name: Volume
        type: string
      - description: Restic repository identifier for this backup
        jsonPath: .spec.repoIdentifier
        name: Restic Repo
        type: string
      - description: Name of the Backup Storage Location where this backup should
          be stored
        jsonPath: .spec.backupStorageLocation
        name: Storage Location
        type: string
      - jsonPath: .metadata.creationTimestamp
        name: Age
        type: date
      name: v1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: PodVolumeBackupSpec is the specification for a PodVolumeBackup.
              properties:
                backupStorageLocation:
                  description: BackupStorageLocation is the name of the backup storage
                    location where the restic repository is stored.
                  type: string
                node:
                  description: Node is the name of the node that the Pod is running
                    on.
                  type: string
                pod:
                  description: Pod is a reference to the pod containing the volume
                    to be backed up.
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
                        an entire object, this string should contain a valid JSON/Go
                        field access statement, such as desiredState.manifest.containers[2].
                        For example, if the object reference is to a container within
                        a pod, this would take on a value like: "spec.containers{name}"
                        (where "name" refers to the name of the container that triggered
                        the event) or if no container name is specified "spec.containers[2]"
                        (container with index 2 in this pod). This syntax is chosen
                        only to have some well-defined way of referencing a part of
                        an object. TODO: this design is not final and this field is
                        subject to change in the future.'
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                      type: string
                    resourceVersion:
                      description: 'Specific resourceVersion to which this reference
                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                      type: string
                    uid:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
                repoIdentifier:
                  description: RepoIdentifier is the restic repository identifier.
                  type: string
                tags:
                  additionalProperties:
                    type: string
                  description: Tags are a map of key-value pairs that should be applied
                    to the volume backup as tags.
                  type: object
                volume:
                  description: Volume is the name of the volume within the Pod to
                    be backed up.
                  type: string
              required:
              - backupStorageLocation
              - node
              - pod
              - repoIdentifier
              - volume
              type: object
            status:
              description: PodVolumeBackupStatus is the current status of a PodVolumeBackup.
              properties:
                completionTimestamp:
                  description: CompletionTimestamp records the time a backup was completed.
                    Completion time is recorded even on failed backups. Completion
                    time is recorded before uploading the backup object. The server's
                    time is used for CompletionTimestamps
                  format: date-time
                  nullable: true
                  type: string
                message:
                  description: Message is a message about the pod volume backup's
                    status.
                  type: string
                path:
                  description: Path is the full path within the controller pod being
                    backed up.
                  type: string
                phase:
                  description: Phase is the current state of the PodVolumeBackup.
                  enum:
                  - New
                  - InProgress
                  - Completed
                  - Failed
                  type: string
                progress:
                  description: Progress holds the total number of bytes of the volume
                    and the current number of backed up bytes. This can be used to
                    display progress information about the backup operation.
                  properties:
                    bytesDone:
                      format: int64
                      type: integer
                    totalBytes:
                      format: int64
                      type: integer
                  type: object
                snapshotID:
                  description: SnapshotID is the identifier for the snapshot of the
                    pod volume.
                  type: string
                startTimestamp:
                  description: StartTimestamp records the time a backup was started.
                    Separate from CreationTimestamp, since that value changes on restores.
                    The server's time is used for StartTimestamps
                  format: date-time
                  nullable: true
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: podvolumerestores.velero.io
  spec:
    group: velero.io
    names:
      kind: PodVolumeRestore
      listKind: PodVolumeRestoreList
      plural: podvolumerestores
      singular: podvolumerestore
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - description: Namespace of the pod containing the volume to be restored
        jsonPath: .spec.pod.namespace
        name: Namespace
        type: string
      - description: Name of the pod containing the volume to be restored
        jsonPath: .spec.pod.name
        name: Pod
        type: string
      - description: Name of the volume to be restored
        jsonPath: .spec.volume
        name: Volume
        type: string
      - description: Pod Volume Restore status such as New/InProgress
        jsonPath: .status.phase
        name: Status
        type: string
      - description: Pod Volume Restore status such as New/InProgress
        format: int64
        jsonPath: .status.progress.totalBytes
        name: TotalBytes
        type: integer
      - description: Pod Volume Restore status such as New/InProgress
        format: int64
        jsonPath: .status.progress.bytesDone
        name: BytesDone
        type: integer
      - jsonPath: .metadata.creationTimestamp
        name: Age
        type: date
      name: v1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: PodVolumeRestoreSpec is the specification for a PodVolumeRestore.
              properties:
                backupStorageLocation:
                  description: BackupStorageLocation is the name of the backup storage
                    location where the restic repository is stored.
                  type: string
                pod:
                  description: Pod is a reference to the pod containing the volume
                    to be restored.
                  properties:
                    apiVersion:
                      description: API version of the referent.
                      type: string
                    fieldPath:
                      description: 'If referring to a piece of an object instead of
                        an entire object, this string should contain a valid JSON/Go
                        field access statement, such as desiredState.manifest.containers[2].
                        For example, if the object reference is to a container within
                        a pod, this would take on a value like: "spec.containers{name}"
                        (where "name" refers to the name of the container that triggered
                        the event) or if no container name is specified "spec.containers[2]"
                        (container with index 2 in this pod). This syntax is chosen
                        only to have some well-defined way of referencing a part of
                        an object. TODO: this design is not final and this field is
                        subject to change in the future.'
                      type: string
                    kind:
                      description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                      type: string
                    name:
                      description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                      type: string
                    namespace:
                      description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                      type: string
                    resourceVersion:
                      description: 'Specific resourceVersion to which this reference
                        is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                      type: string
                    uid:
                      description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                      type: string
                  type: object
                repoIdentifier:
                  description: RepoIdentifier is the restic repository identifier.
                  type: string
                snapshotID:
                  description: SnapshotID is the ID of the volume snapshot to be restored.
                  type: string
                volume:
                  description: Volume is the name of the volume within the Pod to
                    be restored.
                  type: string
              required:
              - backupStorageLocation
              - pod
              - repoIdentifier
              - snapshotID
              - volume
              type: object
            status:
              description: PodVolumeRestoreStatus is the current status of a PodVolumeRestore.
              properties:
                completionTimestamp:
                  description: CompletionTimestamp records the time a restore was
                    completed. Completion time is recorded even on failed restores.
                    The server's time is used for CompletionTimestamps
                  format: date-time
                  nullable: true
                  type: string
                message:
                  description: Message is a message about the pod volume restore's
                    status.
                  type: string
                phase:
                  description: Phase is the current state of the PodVolumeRestore.
                  enum:
                  - New
                  - InProgress
                  - Completed
                  - Failed
                  type: string
                progress:
                  description: Progress holds the total number of bytes of the snapshot
                    and the current number of restored bytes. This can be used to
                    display progress information about the restore operation.
                  properties:
                    bytesDone:
                      format: int64
                      type: integer
                    totalBytes:
                      format: int64
                      type: integer
                  type: object
                startTimestamp:
                  description: StartTimestamp records the time a restore was started.
                    The server's time is used for StartTimestamps
                  format: date-time
                  nullable: true
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: resticrepositories.velero.io
  spec:
    group: velero.io
    names:
      kind: ResticRepository
      listKind: ResticRepositoryList
      plural: resticrepositories
      singular: resticrepository
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - jsonPath: .metadata.creationTimestamp
        name: Age
        type: date
      name: v1
      schema:
        openAPIV3Schema:
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ResticRepositorySpec is the specification for a ResticRepository.
              properties:
                backupStorageLocation:
                  description: BackupStorageLocation is the name of the BackupStorageLocation
                    that should contain this repository.
                  type: string
                maintenanceFrequency:
                  description: MaintenanceFrequency is how often maintenance should
                    be run.
                  type: string
                resticIdentifier:
                  description: ResticIdentifier is the full restic-compatible string
                    for identifying this repository.
                  type: string
                volumeNamespace:
                  description: VolumeNamespace is the namespace this restic repository
                    contains pod volume backups for.
                  type: string
              required:
              - backupStorageLocation
              - maintenanceFrequency
              - resticIdentifier
              - volumeNamespace
              type: object
            status:
              description: ResticRepositoryStatus is the current status of a ResticRepository.
              properties:
                lastMaintenanceTime:
                  description: LastMaintenanceTime is the last time maintenance was
                    run.
                  format: date-time
                  nullable: true
                  type: string
                message:
                  description: Message is a message about the current status of the
                    ResticRepository.
                  type: string
                phase:
                  description: Phase is the current state of the ResticRepository.
                  enum:
                  - New
                  - Ready
                  - NotReady
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: restores.velero.io
  spec:
    group: velero.io
    names:
      kind: Restore
      listKind: RestoreList
      plural: restores
      singular: restore
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: Restore is a Velero resource that represents the application
            of resources from a Velero backup to a target Kubernetes cluster.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: RestoreSpec defines the specification for a Velero restore.
              properties:
                backupName:
                  description: BackupName is the unique name of the Velero backup
                    to restore from.
                  type: string
                excludedNamespaces:
                  description: ExcludedNamespaces contains a list of namespaces that
                    are not included in the restore.
                  items:
                    type: string
                  nullable: true
                  type: array
                excludedResources:
                  description: ExcludedResources is a slice of resource names that
                    are not included in the restore.
                  items:
                    type: string
                  nullable: true
                  type: array
                existingResourcePolicy:
                  description: ExistingResourcePolicy specifies the restore behaviour
                    for the kubernetes resource to be restored
                  nullable: true
                  type: string
                hooks:
                  description: Hooks represent custom behaviors that should be executed
                    during or post restore.
                  properties:
                    resources:
                      items:
                        description: RestoreResourceHookSpec defines one or more RestoreResrouceHooks
                          that should be executed based on the rules defined for namespaces,
                          resources, and label selector.
                        properties:
                          excludedNamespaces:
                            description: ExcludedNamespaces specifies the namespaces
                              to which this hook spec does not apply.
                            items:
                              type: string
                            nullable: true
                            type: array
                          excludedResources:
                            description: ExcludedResources specifies the resources
                              to which this hook spec does not apply.
                            items:
                              type: string
                            nullable: true
                            type: array
                          includedNamespaces:
                            description: IncludedNamespaces specifies the namespaces
                              to which this hook spec applies. If empty, it applies
                              to all namespaces.
                            items:
                              type: string
                            nullable: true
                            type: array
                          includedResources:
                            description: IncludedResources specifies the resources
                              to which this hook spec applies. If empty, it applies
                              to all resources.
                            items:
                              type: string
                            nullable: true
                            type: array
                          labelSelector:
                            description: LabelSelector, if specified, filters the
                              resources to which this hook spec applies.
                            nullable: true
                            properties:
                              matchExpressions:
                                description: matchExpressions is a list of label selector
                                  requirements. The requirements are ANDed.
                                items:
                                  description: A label selector requirement is a selector
                                    that contains values, a key, and an operator that
                                    relates the key and values.
                                  properties:
                                    key:
                                      description: key is the label key that the selector
                                        applies to.
                                      type: string
                                    operator:
                                      description: operator represents a key's relationship
                                        to a set of values. Valid operators are In,
                                        NotIn, Exists and DoesNotExist.
                                      type: string
                                    values:
                                      description: values is an array of string values.
                                        If the operator is In or NotIn, the values
                                        array must be non-empty. If the operator is
                                        Exists or DoesNotExist, the values array must
                                        be empty. This array is replaced during a
                                        strategic merge patch.
                                      items:
                                        type: string
                                      type: array
                                  required:
                                  - key
                                  - operator
                                  type: object
                                type: array
                              matchLabels:
                                additionalProperties:
                                  type: string
                                description: matchLabels is a map of {key,value} pairs.
                                  A single {key,value} in the matchLabels map is equivalent
                                  to an element of matchExpressions, whose key field
                                  is "key", the operator is "In", and the values array
                                  contains only "value". The requirements are ANDed.
                                type: object
                            type: object
                          name:
                            description: Name is the name of this hook.
                            type: string
                          postHooks:
                            description: PostHooks is a list of RestoreResourceHooks
                              to execute during and after restoring a resource.
                            items:
                              description: RestoreResourceHook defines a restore hook
                                for a resource.
                              properties:
                                exec:
                                  description: Exec defines an exec restore hook.
                                  properties:
                                    command:
                                      description: Command is the command and arguments
                                        to execute from within a container after a
                                        pod has been restored.
                                      items:
                                        type: string
                                      minItems: 1
                                      type: array
                                    container:
                                      description: Container is the container in the
                                        pod where the command should be executed.
                                        If not specified, the pod's first container
                                        is used.
                                      type: string
                                    execTimeout:
                                      description: ExecTimeout defines the maximum
                                        amount of time Velero should wait for the
                                        hook to complete before considering the execution
                                        a failure.
                                      type: string
                                    onError:
                                      description: OnError specifies how Velero should
                                        behave if it encounters an error executing
                                        this hook.
                                      enum:
                                      - Continue
                                      - Fail
                                      type: string
                                    waitTimeout:
                                      description: WaitTimeout defines the maximum
                                        amount of time Velero should wait for the
                                        container to be Ready before attempting to
                                        run the command.
                                      type: string
                                  required:
                                  - command
                                  type: object
                                init:
                                  description: Init defines an init restore hook.
                                  properties:
                                    initContainers:
                                      description: InitContainers is list of init
                                        containers to be added to a pod during its
                                        restore.
                                      items:
                                        description: A single application container
                                          that you want to run within a pod.
                                        properties:
                                          args:
                                            description: 'Arguments to the entrypoint.
                                              The container image''s CMD is used if
                                              this is not provided. Variable references
                                              $(VAR_NAME) are expanded using the container''s
                                              environment. If a variable cannot be
                                              resolved, the reference in the input
                                              string will be unchanged. Double $$
                                              are reduced to a single $, which allows
                                              for escaping the $(VAR_NAME) syntax:
                                              i.e. "$$(VAR_NAME)" will produce the
                                              string literal "$(VAR_NAME)". Escaped
                                              references will never be expanded, regardless
                                              of whether the variable exists or not.
                                              Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                          command:
                                            description: 'Entrypoint array. Not executed
                                              within a shell. The container image''s
                                              ENTRYPOINT is used if this is not provided.
                                              Variable references $(VAR_NAME) are
                                              expanded using the container''s environment.
                                              If a variable cannot be resolved, the
                                              reference in the input string will be
                                              unchanged. Double $$ are reduced to
                                              a single $, which allows for escaping
                                              the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
                                              will produce the string literal "$(VAR_NAME)".
                                              Escaped references will never be expanded,
                                              regardless of whether the variable exists
                                              or not. Cannot be updated. More info:
                                              https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
                                            items:
                                              type: string
                                            type: array
                                          env:
                                            description: List of environment variables
                                              to set in the container. Cannot be updated.
                                            items:
                                              description: EnvVar represents an environment
                                                variable present in a Container.
                                              properties:
                                                name:
                                                  description: Name of the environment
                                                    variable. Must be a C_IDENTIFIER.
                                                  type: string
                                                value:
                                                  description: 'Variable references
                                                    $(VAR_NAME) are expanded using
                                                    the previously defined environment
                                                    variables in the container and
                                                    any service environment variables.
                                                    If a variable cannot be resolved,
                                                    the reference in the input string
                                                    will be unchanged. Double $$ are
                                                    reduced to a single $, which allows
                                                    for escaping the $(VAR_NAME) syntax:
                                                    i.e. "$$(VAR_NAME)" will produce
                                                    the string literal "$(VAR_NAME)".
                                                    Escaped references will never
                                                    be expanded, regardless of whether
                                                    the variable exists or not. Defaults
                                                    to "".'
                                                  type: string
                                                valueFrom:
                                                  description: Source for the environment
                                                    variable's value. Cannot be used
                                                    if value is not empty.
                                                  properties:
                                                    configMapKeyRef:
                                                      description: Selects a key of
                                                        a ConfigMap.
                                                      properties:
                                                        key:
                                                          description: The key to
                                                            select.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the ConfigMap or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                    fieldRef:
                                                      description: 'Selects a field
                                                        of the pod: supports metadata.name,
                                                        metadata.namespace, `metadata.labels[''<KEY>'']`,
                                                        `metadata.annotations[''<KEY>'']`,
                                                        spec.nodeName, spec.serviceAccountName,
                                                        status.hostIP, status.podIP,
                                                        status.podIPs.'
                                                      properties:
                                                        apiVersion:
                                                          description: Version of
                                                            the schema the FieldPath
                                                            is written in terms of,
                                                            defaults to "v1".
                                                          type: string
                                                        fieldPath:
                                                          description: Path of the
                                                            field to select in the
                                                            specified API version.
                                                          type: string
                                                      required:
                                                      - fieldPath
                                                      type: object
                                                    resourceFieldRef:
                                                      description: 'Selects a resource
                                                        of the container: only resources
                                                        limits and requests (limits.cpu,
                                                        limits.memory, limits.ephemeral-storage,
                                                        requests.cpu, requests.memory
                                                        and requests.ephemeral-storage)
                                                        are currently supported.'
                                                      properties:
                                                        containerName:
                                                          description: 'Container
                                                            name: required for volumes,
                                                            optional for env vars'
                                                          type: string
                                                        divisor:
                                                          anyOf:
                                                          - type: integer
                                                          - type: string
                                                          description: Specifies the
                                                            output format of the exposed
                                                            resources, defaults to
                                                            "1"
                                                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                          x-kubernetes-int-or-string: true
                                                        resource:
                                                          description: 'Required:
                                                            resource to select'
                                                          type: string
                                                      required:
                                                      - resource
                                                      type: object
                                                    secretKeyRef:
                                                      description: Selects a key of
                                                        a secret in the pod's namespace
                                                      properties:
                                                        key:
                                                          description: The key of
                                                            the secret to select from.  Must
                                                            be a valid secret key.
                                                          type: string
                                                        name:
                                                          description: 'Name of the
                                                            referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                            TODO: Add other useful
                                                            fields. apiVersion, kind,
                                                            uid?'
                                                          type: string
                                                        optional:
                                                          description: Specify whether
                                                            the Secret or its key
                                                            must be defined
                                                          type: boolean
                                                      required:
                                                      - key
                                                      type: object
                                                  type: object
                                              required:
                                              - name
                                              type: object
                                            type: array
                                          envFrom:
                                            description: List of sources to populate
                                              environment variables in the container.
                                              The keys defined within a source must
                                              be a C_IDENTIFIER. All invalid keys
                                              will be reported as an event when the
                                              container is starting. When a key exists
                                              in multiple sources, the value associated
                                              with the last source will take precedence.
                                              Values defined by an Env with a duplicate
                                              key will take precedence. Cannot be
                                              updated.
                                            items:
                                              description: EnvFromSource represents
                                                the source of a set of ConfigMaps
                                              properties:
                                                configMapRef:
                                                  description: The ConfigMap to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the ConfigMap must be defined
                                                      type: boolean
                                                  type: object
                                                prefix:
                                                  description: An optional identifier
                                                    to prepend to each key in the
                                                    ConfigMap. Must be a C_IDENTIFIER.
                                                  type: string
                                                secretRef:
                                                  description: The Secret to select
                                                    from
                                                  properties:
                                                    name:
                                                      description: 'Name of the referent.
                                                        More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                                        TODO: Add other useful fields.
                                                        apiVersion, kind, uid?'
                                                      type: string
                                                    optional:
                                                      description: Specify whether
                                                        the Secret must be defined
                                                      type: boolean
                                                  type: object
                                              type: object
                                            type: array
                                          image:
                                            description: 'Container image name. More
                                              info: https://kubernetes.io/docs/concepts/containers/images
                                              This field is optional to allow higher
                                              level config management to default or
                                              override container images in workload
                                              controllers like Deployments and StatefulSets.'
                                            type: string
                                          imagePullPolicy:
                                            description: 'Image pull policy. One of
                                              Always, Never, IfNotPresent. Defaults
                                              to Always if :latest tag is specified,
                                              or IfNotPresent otherwise. Cannot be
                                              updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
                                            type: string
                                          lifecycle:
                                            description: Actions that the management
                                              system should take in response to container
                                              lifecycle events. Cannot be updated.
                                            properties:
                                              postStart:
                                                description: 'PostStart is called
                                                  immediately after a container is
                                                  created. If the handler fails, the
                                                  container is terminated and restarted
                                                  according to its restart policy.
                                                  Other management of the container
                                                  blocks until the hook completes.
                                                  More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                              preStop:
                                                description: 'PreStop is called immediately
                                                  before a container is terminated
                                                  due to an API request or management
                                                  event such as liveness/startup probe
                                                  failure, preemption, resource contention,
                                                  etc. The handler is not called if
                                                  the container crashes or exits.
                                                  The Pod''s termination grace period
                                                  countdown begins before the PreStop
                                                  hook is executed. Regardless of
                                                  the outcome of the handler, the
                                                  container will eventually terminate
                                                  within the Pod''s termination grace
                                                  period (unless delayed by finalizers).
                                                  Other management of the container
                                                  blocks until the hook completes
                                                  or until the termination grace period
                                                  is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
                                                properties:
                                                  exec:
                                                    description: Exec specifies the
                                                      action to take.
                                                    properties:
                                                      command:
                                                        description: Command is the
                                                          command line to execute
                                                          inside the container, the
                                                          working directory for the
                                                          command  is root ('/') in
                                                          the container's filesystem.
                                                          The command is simply exec'd,
                                                          it is not run inside a shell,
                                                          so traditional shell instructions
                                                          ('|', etc) won't work. To
                                                          use a shell, you need to
                                                          explicitly call out to that
                                                          shell. Exit status of 0
                                                          is treated as live/healthy
                                                          and non-zero is unhealthy.
                                                        items:
                                                          type: string
                                                        type: array
                                                    type: object
                                                  httpGet:
                                                    description: HTTPGet specifies
                                                      the http request to perform.
                                                    properties:
                                                      host:
                                                        description: Host name to
                                                          connect to, defaults to
                                                          the pod IP. You probably
                                                          want to set "Host" in httpHeaders
                                                          instead.
                                                        type: string
                                                      httpHeaders:
                                                        description: Custom headers
                                                          to set in the request. HTTP
                                                          allows repeated headers.
                                                        items:
                                                          description: HTTPHeader
                                                            describes a custom header
                                                            to be used in HTTP probes
                                                          properties:
                                                            name:
                                                              description: The header
                                                                field name
                                                              type: string
                                                            value:
                                                              description: The header
                                                                field value
                                                              type: string
                                                          required:
                                                          - name
                                                          - value
                                                          type: object
                                                        type: array
                                                      path:
                                                        description: Path to access
                                                          on the HTTP server.
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Name or number
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                      scheme:
                                                        description: Scheme to use
                                                          for connecting to the host.
                                                          Defaults to HTTP.
                                                        type: string
                                                    required:
                                                    - port
                                                    type: object
                                                  tcpSocket:
                                                    description: Deprecated. TCPSocket
                                                      is NOT supported as a LifecycleHandler
                                                      and kept for the backward compatibility.
                                                      There are no validation of this
                                                      field and lifecycle hooks will
                                                      fail in runtime when tcp handler
                                                      is specified.
                                                    properties:
                                                      host:
                                                        description: 'Optional: Host
                                                          name to connect to, defaults
                                                          to the pod IP.'
                                                        type: string
                                                      port:
                                                        anyOf:
                                                        - type: integer
                                                        - type: string
                                                        description: Number or name
                                                          of the port to access on
                                                          the container. Number must
                                                          be in the range 1 to 65535.
                                                          Name must be an IANA_SVC_NAME.
                                                        x-kubernetes-int-or-string: true
                                                    required:
                                                    - port
                                                    type: object
                                                type: object
                                            type: object
                                          livenessProbe:
                                            description: 'Periodic probe of container
                                              liveness. Container will be restarted
                                              if the probe fails. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          name:
                                            description: Name of the container specified
                                              as a DNS_LABEL. Each container in a
                                              pod must have a unique name (DNS_LABEL).
                                              Cannot be updated.
                                            type: string
                                          ports:
                                            description: List of ports to expose from
                                              the container. Exposing a port here
                                              gives the system additional information
                                              about the network connections a container
                                              uses, but is primarily informational.
                                              Not specifying a port here DOES NOT
                                              prevent that port from being exposed.
                                              Any port which is listening on the default
                                              "0.0.0.0" address inside a container
                                              will be accessible from the network.
                                              Cannot be updated.
                                            items:
                                              description: ContainerPort represents
                                                a network port in a single container.
                                              properties:
                                                containerPort:
                                                  description: Number of port to expose
                                                    on the pod's IP address. This
                                                    must be a valid port number, 0
                                                    < x < 65536.
                                                  format: int32
                                                  type: integer
                                                hostIP:
                                                  description: What host IP to bind
                                                    the external port to.
                                                  type: string
                                                hostPort:
                                                  description: Number of port to expose
                                                    on the host. If specified, this
                                                    must be a valid port number, 0
                                                    < x < 65536. If HostNetwork is
                                                    specified, this must match ContainerPort.
                                                    Most containers do not need this.
                                                  format: int32
                                                  type: integer
                                                name:
                                                  description: If specified, this
                                                    must be an IANA_SVC_NAME and unique
                                                    within the pod. Each named port
                                                    in a pod must have a unique name.
                                                    Name for the port that can be
                                                    referred to by services.
                                                  type: string
                                                protocol:
                                                  default: TCP
                                                  description: Protocol for port.
                                                    Must be UDP, TCP, or SCTP. Defaults
                                                    to "TCP".
                                                  type: string
                                              required:
                                              - containerPort
                                              - protocol
                                              type: object
                                            type: array
                                            x-kubernetes-list-map-keys:
                                            - containerPort
                                            - protocol
                                            x-kubernetes-list-type: map
                                          readinessProbe:
                                            description: 'Periodic probe of container
                                              service readiness. Container will be
                                              removed from service endpoints if the
                                              probe fails. Cannot be updated. More
                                              info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          resources:
                                            description: 'Compute Resources required
                                              by this container. Cannot be updated.
                                              More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                            properties:
                                              limits:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Limits describes the
                                                  maximum amount of compute resources
                                                  allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                              requests:
                                                additionalProperties:
                                                  anyOf:
                                                  - type: integer
                                                  - type: string
                                                  pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                                  x-kubernetes-int-or-string: true
                                                description: 'Requests describes the
                                                  minimum amount of compute resources
                                                  required. If Requests is omitted
                                                  for a container, it defaults to
                                                  Limits if that is explicitly specified,
                                                  otherwise to an implementation-defined
                                                  value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
                                                type: object
                                            type: object
                                          securityContext:
                                            description: 'SecurityContext defines
                                              the security options the container should
                                              be run with. If set, the fields of SecurityContext
                                              override the equivalent fields of PodSecurityContext.
                                              More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
                                            properties:
                                              allowPrivilegeEscalation:
                                                description: 'AllowPrivilegeEscalation
                                                  controls whether a process can gain
                                                  more privileges than its parent
                                                  process. This bool directly controls
                                                  if the no_new_privs flag will be
                                                  set on the container process. AllowPrivilegeEscalation
                                                  is true always when the container
                                                  is: 1) run as Privileged 2) has
                                                  CAP_SYS_ADMIN Note that this field
                                                  cannot be set when spec.os.name
                                                  is windows.'
                                                type: boolean
                                              capabilities:
                                                description: The capabilities to add/drop
                                                  when running containers. Defaults
                                                  to the default set of capabilities
                                                  granted by the container runtime.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  add:
                                                    description: Added capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                  drop:
                                                    description: Removed capabilities
                                                    items:
                                                      description: Capability represent
                                                        POSIX capabilities type
                                                      type: string
                                                    type: array
                                                type: object
                                              privileged:
                                                description: Run container in privileged
                                                  mode. Processes in privileged containers
                                                  are essentially equivalent to root
                                                  on the host. Defaults to false.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                type: boolean
                                              procMount:
                                                description: procMount denotes the
                                                  type of proc mount to use for the
                                                  containers. The default is DefaultProcMount
                                                  which uses the container runtime
                                                  defaults for readonly paths and
                                                  masked paths. This requires the
                                                  ProcMountType feature flag to be
                                                  enabled. Note that this field cannot
                                                  be set when spec.os.name is windows.
                                                type: string
                                              readOnlyRootFilesystem:
                                                description: Whether this container
                                                  has a read-only root filesystem.
                                                  Default is false. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                type: boolean
                                              runAsGroup:
                                                description: The GID to run the entrypoint
                                                  of the container process. Uses runtime
                                                  default if unset. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              runAsNonRoot:
                                                description: Indicates that the container
                                                  must run as a non-root user. If
                                                  true, the Kubelet will validate
                                                  the image at runtime to ensure that
                                                  it does not run as UID 0 (root)
                                                  and fail to start the container
                                                  if it does. If unset or false, no
                                                  such validation will be performed.
                                                  May also be set in PodSecurityContext.  If
                                                  set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                type: boolean
                                              runAsUser:
                                                description: The UID to run the entrypoint
                                                  of the container process. Defaults
                                                  to user specified in image metadata
                                                  if unspecified. May also be set
                                                  in PodSecurityContext.  If set in
                                                  both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                format: int64
                                                type: integer
                                              seLinuxOptions:
                                                description: The SELinux context to
                                                  be applied to the container. If
                                                  unspecified, the container runtime
                                                  will allocate a random SELinux context
                                                  for each container.  May also be
                                                  set in PodSecurityContext.  If set
                                                  in both SecurityContext and PodSecurityContext,
                                                  the value specified in SecurityContext
                                                  takes precedence. Note that this
                                                  field cannot be set when spec.os.name
                                                  is windows.
                                                properties:
                                                  level:
                                                    description: Level is SELinux
                                                      level label that applies to
                                                      the container.
                                                    type: string
                                                  role:
                                                    description: Role is a SELinux
                                                      role label that applies to the
                                                      container.
                                                    type: string
                                                  type:
                                                    description: Type is a SELinux
                                                      type label that applies to the
                                                      container.
                                                    type: string
                                                  user:
                                                    description: User is a SELinux
                                                      user label that applies to the
                                                      container.
                                                    type: string
                                                type: object
                                              seccompProfile:
                                                description: The seccomp options to
                                                  use by this container. If seccomp
                                                  options are provided at both the
                                                  pod & container level, the container
                                                  options override the pod options.
                                                  Note that this field cannot be set
                                                  when spec.os.name is windows.
                                                properties:
                                                  localhostProfile:
                                                    description: localhostProfile
                                                      indicates a profile defined
                                                      in a file on the node should
                                                      be used. The profile must be
                                                      preconfigured on the node to
                                                      work. Must be a descending path,
                                                      relative to the kubelet's configured
                                                      seccomp profile location. Must
                                                      only be set if type is "Localhost".
                                                    type: string
                                                  type:
                                                    description: "type indicates which
                                                      kind of seccomp profile will
                                                      be applied. Valid options are:
                                                      \n Localhost - a profile defined
                                                      in a file on the node should
                                                      be used. RuntimeDefault - the
                                                      container runtime default profile
                                                      should be used. Unconfined -
                                                      no profile should be applied."
                                                    type: string
                                                required:
                                                - type
                                                type: object
                                              windowsOptions:
                                                description: The Windows specific
                                                  settings applied to all containers.
                                                  If unspecified, the options from
                                                  the PodSecurityContext will be used.
                                                  If set in both SecurityContext and
                                                  PodSecurityContext, the value specified
                                                  in SecurityContext takes precedence.
                                                  Note that this field cannot be set
                                                  when spec.os.name is linux.
                                                properties:
                                                  gmsaCredentialSpec:
                                                    description: GMSACredentialSpec
                                                      is where the GMSA admission
                                                      webhook (https://github.com/kubernetes-sigs/windows-gmsa)
                                                      inlines the contents of the
                                                      GMSA credential spec named by
                                                      the GMSACredentialSpecName field.
                                                    type: string
                                                  gmsaCredentialSpecName:
                                                    description: GMSACredentialSpecName
                                                      is the name of the GMSA credential
                                                      spec to use.
                                                    type: string
                                                  hostProcess:
                                                    description: HostProcess determines
                                                      if a container should be run
                                                      as a 'Host Process' container.
                                                      This field is alpha-level and
                                                      will only be honored by components
                                                      that enable the WindowsHostProcessContainers
                                                      feature flag. Setting this field
                                                      without the feature flag will
                                                      result in errors when validating
                                                      the Pod. All of a Pod's containers
                                                      must have the same effective
                                                      HostProcess value (it is not
                                                      allowed to have a mix of HostProcess
                                                      containers and non-HostProcess
                                                      containers).  In addition, if
                                                      HostProcess is true then HostNetwork
                                                      must also be set to true.
                                                    type: boolean
                                                  runAsUserName:
                                                    description: The UserName in Windows
                                                      to run the entrypoint of the
                                                      container process. Defaults
                                                      to the user specified in image
                                                      metadata if unspecified. May
                                                      also be set in PodSecurityContext.
                                                      If set in both SecurityContext
                                                      and PodSecurityContext, the
                                                      value specified in SecurityContext
                                                      takes precedence.
                                                    type: string
                                                type: object
                                            type: object
                                          startupProbe:
                                            description: 'StartupProbe indicates that
                                              the Pod has successfully initialized.
                                              If specified, no other probes are executed
                                              until this completes successfully. If
                                              this probe fails, the Pod will be restarted,
                                              just as if the livenessProbe failed.
                                              This can be used to provide different
                                              probe parameters at the beginning of
                                              a Pod''s lifecycle, when it might take
                                              a long time to load data or warm a cache,
                                              than during steady-state operation.
                                              This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                            properties:
                                              exec:
                                                description: Exec specifies the action
                                                  to take.
                                                properties:
                                                  command:
                                                    description: Command is the command
                                                      line to execute inside the container,
                                                      the working directory for the
                                                      command  is root ('/') in the
                                                      container's filesystem. The
                                                      command is simply exec'd, it
                                                      is not run inside a shell, so
                                                      traditional shell instructions
                                                      ('|', etc) won't work. To use
                                                      a shell, you need to explicitly
                                                      call out to that shell. Exit
                                                      status of 0 is treated as live/healthy
                                                      and non-zero is unhealthy.
                                                    items:
                                                      type: string
                                                    type: array
                                                type: object
                                              failureThreshold:
                                                description: Minimum consecutive failures
                                                  for the probe to be considered failed
                                                  after having succeeded. Defaults
                                                  to 3. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              grpc:
                                                description: GRPC specifies an action
                                                  involving a GRPC port. This is a
                                                  beta field and requires enabling
                                                  GRPCContainerProbe feature gate.
                                                properties:
                                                  port:
                                                    description: Port number of the
                                                      gRPC service. Number must be
                                                      in the range 1 to 65535.
                                                    format: int32
                                                    type: integer
                                                  service:
                                                    description: "Service is the name
                                                      of the service to place in the
                                                      gRPC HealthCheckRequest (see
                                                      https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
                                                      \n If this is not specified,
                                                      the default behavior is defined
                                                      by gRPC."
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              httpGet:
                                                description: HTTPGet specifies the
                                                  http request to perform.
                                                properties:
                                                  host:
                                                    description: Host name to connect
                                                      to, defaults to the pod IP.
                                                      You probably want to set "Host"
                                                      in httpHeaders instead.
                                                    type: string
                                                  httpHeaders:
                                                    description: Custom headers to
                                                      set in the request. HTTP allows
                                                      repeated headers.
                                                    items:
                                                      description: HTTPHeader describes
                                                        a custom header to be used
                                                        in HTTP probes
                                                      properties:
                                                        name:
                                                          description: The header
                                                            field name
                                                          type: string
                                                        value:
                                                          description: The header
                                                            field value
                                                          type: string
                                                      required:
                                                      - name
                                                      - value
                                                      type: object
                                                    type: array
                                                  path:
                                                    description: Path to access on
                                                      the HTTP server.
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Name or number of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                  scheme:
                                                    description: Scheme to use for
                                                      connecting to the host. Defaults
                                                      to HTTP.
                                                    type: string
                                                required:
                                                - port
                                                type: object
                                              initialDelaySeconds:
                                                description: 'Number of seconds after
                                                  the container has started before
                                                  liveness probes are initiated. More
                                                  info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                              periodSeconds:
                                                description: How often (in seconds)
                                                  to perform the probe. Default to
                                                  10 seconds. Minimum value is 1.
                                                format: int32
                                                type: integer
                                              successThreshold:
                                                description: Minimum consecutive successes
                                                  for the probe to be considered successful
                                                  after having failed. Defaults to
                                                  1. Must be 1 for liveness and startup.
                                                  Minimum value is 1.
                                                format: int32
                                                type: integer
                                              tcpSocket:
                                                description: TCPSocket specifies an
                                                  action involving a TCP port.
                                                properties:
                                                  host:
                                                    description: 'Optional: Host name
                                                      to connect to, defaults to the
                                                      pod IP.'
                                                    type: string
                                                  port:
                                                    anyOf:
                                                    - type: integer
                                                    - type: string
                                                    description: Number or name of
                                                      the port to access on the container.
                                                      Number must be in the range
                                                      1 to 65535. Name must be an
                                                      IANA_SVC_NAME.
                                                    x-kubernetes-int-or-string: true
                                                required:
                                                - port
                                                type: object
                                              terminationGracePeriodSeconds:
                                                description: Optional duration in
                                                  seconds the pod needs to terminate
                                                  gracefully upon probe failure. The
                                                  grace period is the duration in
                                                  seconds after the processes running
                                                  in the pod are sent a termination
                                                  signal and the time when the processes
                                                  are forcibly halted with a kill
                                                  signal. Set this value longer than
                                                  the expected cleanup time for your
                                                  process. If this value is nil, the
                                                  pod's terminationGracePeriodSeconds
                                                  will be used. Otherwise, this value
                                                  overrides the value provided by
                                                  the pod spec. Value must be non-negative
                                                  integer. The value zero indicates
                                                  stop immediately via the kill signal
                                                  (no opportunity to shut down). This
                                                  is a beta field and requires enabling
                                                  ProbeTerminationGracePeriod feature
                                                  gate. Minimum value is 1. spec.terminationGracePeriodSeconds
                                                  is used if unset.
                                                format: int64
                                                type: integer
                                              timeoutSeconds:
                                                description: 'Number of seconds after
                                                  which the probe times out. Defaults
                                                  to 1 second. Minimum value is 1.
                                                  More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
                                                format: int32
                                                type: integer
                                            type: object
                                          stdin:
                                            description: Whether this container should
                                              allocate a buffer for stdin in the container
                                              runtime. If this is not set, reads from
                                              stdin in the container will always result
                                              in EOF. Default is false.
                                            type: boolean
                                          stdinOnce:
                                            description: Whether the container runtime
                                              should close the stdin channel after
                                              it has been opened by a single attach.
                                              When stdin is true the stdin stream
                                              will remain open across multiple attach
                                              sessions. If stdinOnce is set to true,
                                              stdin is opened on container start,
                                              is empty until the first client attaches
                                              to stdin, and then remains open and
                                              accepts data until the client disconnects,
                                              at which time stdin is closed and remains
                                              closed until the container is restarted.
                                              If this flag is false, a container processes
                                              that reads from stdin will never receive
                                              an EOF. Default is false
                                            type: boolean
                                          terminationMessagePath:
                                            description: 'Optional: Path at which
                                              the file to which the container''s termination
                                              message will be written is mounted into
                                              the container''s filesystem. Message
                                              written is intended to be brief final
                                              status, such as an assertion failure
                                              message. Will be truncated by the node
                                              if greater than 4096 bytes. The total
                                              message length across all containers
                                              will be limited to 12kb. Defaults to
                                              /dev/termination-log. Cannot be updated.'
                                            type: string
                                          terminationMessagePolicy:
                                            description: Indicate how the termination
                                              message should be populated. File will
                                              use the contents of terminationMessagePath
                                              to populate the container status message
                                              on both success and failure. FallbackToLogsOnError
                                              will use the last chunk of container
                                              log output if the termination message
                                              file is empty and the container exited
                                              with an error. The log output is limited
                                              to 2048 bytes or 80 lines, whichever
                                              is smaller. Defaults to File. Cannot
                                              be updated.
                                            type: string
                                          tty:
                                            description: Whether this container should
                                              allocate a TTY for itself, also requires
                                              'stdin' to be true. Default is false.
                                            type: boolean
                                          volumeDevices:
                                            description: volumeDevices is the list
                                              of block devices to be used by the container.
                                            items:
                                              description: volumeDevice describes
                                                a mapping of a raw block device within
                                                a container.
                                              properties:
                                                devicePath:
                                                  description: devicePath is the path
                                                    inside of the container that the
                                                    device will be mapped to.
                                                  type: string
                                                name:
                                                  description: name must match the
                                                    name of a persistentVolumeClaim
                                                    in the pod
                                                  type: string
                                              required:
                                              - devicePath
                                              - name
                                              type: object
                                            type: array
                                          volumeMounts:
                                            description: Pod volumes to mount into
                                              the container's filesystem. Cannot be
                                              updated.
                                            items:
                                              description: VolumeMount describes a
                                                mounting of a Volume within a container.
                                              properties:
                                                mountPath:
                                                  description: Path within the container
                                                    at which the volume should be
                                                    mounted.  Must not contain ':'.
                                                  type: string
                                                mountPropagation:
                                                  description: mountPropagation determines
                                                    how mounts are propagated from
                                                    the host to container and the
                                                    other way around. When not set,
                                                    MountPropagationNone is used.
                                                    This field is beta in 1.10.
                                                  type: string
                                                name:
                                                  description: This must match the
                                                    Name of a Volume.
                                                  type: string
                                                readOnly:
                                                  description: Mounted read-only if
                                                    true, read-write otherwise (false
                                                    or unspecified). Defaults to false.
                                                  type: boolean
                                                subPath:
                                                  description: Path within the volume
                                                    from which the container's volume
                                                    should be mounted. Defaults to
                                                    "" (volume's root).
                                                  type: string
                                                subPathExpr:
                                                  description: Expanded path within
                                                    the volume from which the container's
                                                    volume should be mounted. Behaves
                                                    similarly to SubPath but environment
                                                    variable references $(VAR_NAME)
                                                    are expanded using the container's
                                                    environment. Defaults to "" (volume's
                                                    root). SubPathExpr and SubPath
                                                    are mutually exclusive.
                                                  type: string
                                              required:
                                              - mountPath
                                              - name
                                              type: object
                                            type: array
                                          workingDir:
                                            description: Container's working directory.
                                              If not specified, the container runtime's
                                              default will be used, which might be
                                              configured in the container image. Cannot
                                              be updated.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                    timeout:
                                      description: Timeout defines the maximum amount
                                        of time Velero should wait for the initContainers
                                        to complete.
                                      type: string
                                  type: object
                              type: object
                            type: array
                        required:
                        - name
                        type: object
                      type: array
                  type: object
                includeClusterResources:
                  description: IncludeClusterResources specifies whether cluster-scoped
                    resources should be included for consideration in the restore.
                    If null, defaults to true.
                  nullable: true
                  type: boolean
                includedNamespaces:
                  description: IncludedNamespaces is a slice of namespace names to
                    include objects from. If empty, all namespaces are included.
                  items:
                    type: string
                  nullable: true
                  type: array
                includedResources:
                  description: IncludedResources is a slice of resource names to include
                    in the restore. If empty, all resources in the backup are included.
                  items:
                    type: string
                  nullable: true
                  type: array
                labelSelector:
                  description: LabelSelector is a metav1.LabelSelector to filter with
                    when restoring individual objects from the backup. If empty or
                    nil, all objects are included. Optional.
                  nullable: true
                  properties:
                    matchExpressions:
                      description: matchExpressions is a list of label selector requirements.
                        The requirements are ANDed.
                      items:
                        description: A label selector requirement is a selector that
                          contains values, a key, and an operator that relates the
                          key and values.
                        properties:
                          key:
                            description: key is the label key that the selector applies
                              to.
                            type: string
                          operator:
                            description: operator represents a key's relationship
                              to a set of values. Valid operators are In, NotIn, Exists
                              and DoesNotExist.
                            type: string
                          values:
                            description: values is an array of string values. If the
                              operator is In or NotIn, the values array must be non-empty.
                              If the operator is Exists or DoesNotExist, the values
                              array must be empty. This array is replaced during a
                              strategic merge patch.
                            items:
                              type: string
                            type: array
                        required:
                        - key
                        - operator
                        type: object
                      type: array
                    matchLabels:
                      additionalProperties:
                        type: string
                      description: matchLabels is a map of {key,value} pairs. A single
                        {key,value} in the matchLabels map is equivalent to an element
                        of matchExpressions, whose key field is "key", the operator
                        is "In", and the values array contains only "value". The requirements
                        are ANDed.
                      type: object
                  type: object
                namespaceMapping:
                  additionalProperties:
                    type: string
                  description: NamespaceMapping is a map of source namespace names
                    to target namespace names to restore into. Any source namespaces
                    not included in the map will be restored into namespaces of the
                    same name.
                  type: object
                orLabelSelectors:
                  description: OrLabelSelectors is list of metav1.LabelSelector to
                    filter with when restoring individual objects from the backup.
                    If multiple provided they will be joined by the OR operator. LabelSelector
                    as well as OrLabelSelectors cannot co-exist in restore request,
                    only one of them can be used
                  items:
                    description: A label selector is a label query over a set of resources.
                      The result of matchLabels and matchExpressions are ANDed. An
                      empty label selector matches all objects. A null label selector
                      matches no objects.
                    properties:
                      matchExpressions:
                        description: matchExpressions is a list of label selector
                          requirements. The requirements are ANDed.
                        items:
                          description: A label selector requirement is a selector
                            that contains values, a key, and an operator that relates
                            the key and values.
                          properties:
                            key:
                              description: key is the label key that the selector
                                applies to.
                              type: string
                            operator:
                              description: operator represents a key's relationship
                                to a set of values. Valid operators are In, NotIn,
                                Exists and DoesNotExist.
                              type: string
                            values:
                              description: values is an array of string values. If
                                the operator is In or NotIn, the values array must
                                be non-empty. If the operator is Exists or DoesNotExist,
                                the values array must be empty. This array is replaced
                                during a strategic merge patch.
                              items:
                                type: string
                              type: array
                          required:
                          - key
                          - operator
                          type: object
                        type: array
                      matchLabels:
                        additionalProperties:
                          type: string
                        description: matchLabels is a map of {key,value} pairs. A
                          single {key,value} in the matchLabels map is equivalent
                          to an element of matchExpressions, whose key field is "key",
                          the operator is "In", and the values array contains only
                          "value". The requirements are ANDed.
                        type: object
                    type: object
                  nullable: true
                  type: array
                preserveNodePorts:
                  description: PreserveNodePorts specifies whether to restore old
                    nodePorts from backup.
                  nullable: true
                  type: boolean
                restorePVs:
                  description: RestorePVs specifies whether to restore all included
                    PVs from snapshot (via the cloudprovider).
                  nullable: true
                  type: boolean
                restoreStatus:
                  description: RestoreStatus specifies which resources we should restore
                    the status field. If nil, no objects are included. Optional.
                  nullable: true
                  properties:
                    excludedResources:
                      description: ExcludedResources specifies the resources to which
                        will not restore the status.
                      items:
                        type: string
                      nullable: true
                      type: array
                    includedResources:
                      description: IncludedResources specifies the resources to which
                        will restore the status. If empty, it applies to all resources.
                      items:
                        type: string
                      nullable: true
                      type: array
                  type: object
                scheduleName:
                  description: ScheduleName is the unique name of the Velero schedule
                    to restore from. If specified, and BackupName is empty, Velero
                    will restore from the most recent successful backup created from
                    this schedule.
                  type: string
              required:
              - backupName
              type: object
            status:
              description: RestoreStatus captures the current status of a Velero restore
              properties:
                completionTimestamp:
                  description: CompletionTimestamp records the time the restore operation
                    was completed. Completion time is recorded even on failed restore.
                    The server's time is used for StartTimestamps
                  format: date-time
                  nullable: true
                  type: string
                errors:
                  description: Errors is a count of all error messages that were generated
                    during execution of the restore. The actual errors are stored
                    in object storage.
                  type: integer
                failureReason:
                  description: FailureReason is an error that caused the entire restore
                    to fail.
                  type: string
                phase:
                  description: Phase is the current state of the Restore
                  enum:
                  - New
                  - FailedValidation
                  - InProgress
                  - Completed
                  - PartiallyFailed
                  - Failed
                  type: string
                progress:
                  description: Progress contains information about the restore's execution
                    progress. Note that this information is best-effort only -- if
                    Velero fails to update it during a restore for any reason, it
                    may be inaccurate/stale.
                  nullable: true
                  properties:
                    itemsRestored:
                      description: ItemsRestored is the number of items that have
                        actually been restored so far
                      type: integer
                    totalItems:
                      description: TotalItems is the total number of items to be restored.
                        This number may change throughout the execution of the restore
                        due to plugins that return additional related items to restore
                      type: integer
                  type: object
                startTimestamp:
                  description: StartTimestamp records the time the restore operation
                    was started. The server's time is used for StartTimestamps
                  format: date-time
                  nullable: true
                  type: string
                validationErrors:
                  description: ValidationErrors is a slice of all validation errors
                    (if applicable)
                  items:
                    type: string
                  nullable: true
                  type: array
                warnings:
                  description: Warnings is a count of all warning messages that were
                    generated during execution of the restore. The actual warnings
                    are stored in object storage.
                  type: integer
              type: object
          type: object
      served: true
      storage: true
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: schedules.velero.io
  spec:
    group: velero.io
    names:
      kind: Schedule
      listKind: ScheduleList
      plural: schedules
      singular: schedule
    scope: Namespaced
    versions:
    - additionalPrinterColumns:
      - description: Status of the schedule
        jsonPath: .status.phase
        name: Status
        type: string
      - description: A Cron expression defining when to run the Backup
        jsonPath: .spec.schedule
        name: Schedule
        type: string
      - description: The last time a Backup was run for this schedule
        jsonPath: .status.lastBackup
        name: LastBackup
        type: date
      - jsonPath: .metadata.creationTimestamp
        name: Age
        type: date
      name: v1
      schema:
        openAPIV3Schema:
          description: Schedule is a Velero resource that represents a pre-scheduled
            or periodic Backup that should be run.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ScheduleSpec defines the specification for a Velero schedule
              properties:
                schedule:
                  description: Schedule is a Cron expression defining when to run
                    the Backup.
                  type: string
                template:
                  description: Template is the definition of the Backup to be run
                    on the provided schedule
                  properties:
                    csiSnapshotTimeout:
                      description: CSISnapshotTimeout specifies the time used to wait
                        for CSI VolumeSnapshot status turns to ReadyToUse during creation,
                        before returning error as timeout. The default value is 10
                        minute.
                      type: string
                    defaultVolumesToRestic:
                      description: DefaultVolumesToRestic specifies whether restic
                        should be used to take a backup of all pod volumes by default.
                      type: boolean
                    excludedNamespaces:
                      description: ExcludedNamespaces contains a list of namespaces
                        that are not included in the backup.
                      items:
                        type: string
                      nullable: true
                      type: array
                    excludedResources:
                      description: ExcludedResources is a slice of resource names
                        that are not included in the backup.
                      items:
                        type: string
                      nullable: true
                      type: array
                    hooks:
                      description: Hooks represent custom behaviors that should be
                        executed at different phases of the backup.
                      properties:
                        resources:
                          description: Resources are hooks that should be executed
                            when backing up individual instances of a resource.
                          items:
                            description: BackupResourceHookSpec defines one or more
                              BackupResourceHooks that should be executed based on
                              the rules defined for namespaces, resources, and label
                              selector.
                            properties:
                              excludedNamespaces:
                                description: ExcludedNamespaces specifies the namespaces
                                  to which this hook spec does not apply.
                                items:
                                  type: string
                                nullable: true
                                type: array
                              excludedResources:
                                description: ExcludedResources specifies the resources
                                  to which this hook spec does not apply.
                                items:
                                  type: string
                                nullable: true
                                type: array
                              includedNamespaces:
                                description: IncludedNamespaces specifies the namespaces
                                  to which this hook spec applies. If empty, it applies
                                  to all namespaces.
                                items:
                                  type: string
                                nullable: true
                                type: array
                              includedResources:
                                description: IncludedResources specifies the resources
                                  to which this hook spec applies. If empty, it applies
                                  to all resources.
                                items:
                                  type: string
                                nullable: true
                                type: array
                              labelSelector:
                                description: LabelSelector, if specified, filters
                                  the resources to which this hook spec applies.
                                nullable: true
                                properties:
                                  matchExpressions:
                                    description: matchExpressions is a list of label
                                      selector requirements. The requirements are
                                      ANDed.
                                    items:
                                      description: A label selector requirement is
                                        a selector that contains values, a key, and
                                        an operator that relates the key and values.
                                      properties:
                                        key:
                                          description: key is the label key that the
                                            selector applies to.
                                          type: string
                                        operator:
                                          description: operator represents a key's
                                            relationship to a set of values. Valid
                                            operators are In, NotIn, Exists and DoesNotExist.
                                          type: string
                                        values:
                                          description: values is an array of string
                                            values. If the operator is In or NotIn,
                                            the values array must be non-empty. If
                                            the operator is Exists or DoesNotExist,
                                            the values array must be empty. This array
                                            is replaced during a strategic merge patch.
                                          items:
                                            type: string
                                          type: array
                                      required:
                                      - key
                                      - operator
                                      type: object
                                    type: array
                                  matchLabels:
                                    additionalProperties:
                                      type: string
                                    description: matchLabels is a map of {key,value}
                                      pairs. A single {key,value} in the matchLabels
                                      map is equivalent to an element of matchExpressions,
                                      whose key field is "key", the operator is "In",
                                      and the values array contains only "value".
                                      The requirements are ANDed.
                                    type: object
                                type: object
                              name:
                                description: Name is the name of this hook.
                                type: string
                              post:
                                description: PostHooks is a list of BackupResourceHooks
                                  to execute after storing the item in the backup.
                                  These are executed after all "additional items"
                                  from item actions are processed.
                                items:
                                  description: BackupResourceHook defines a hook for
                                    a resource.
                                  properties:
                                    exec:
                                      description: Exec defines an exec hook.
                                      properties:
                                        command:
                                          description: Command is the command and
                                            arguments to execute.
                                          items:
                                            type: string
                                          minItems: 1
                                          type: array
                                        container:
                                          description: Container is the container
                                            in the pod where the command should be
                                            executed. If not specified, the pod's
                                            first container is used.
                                          type: string
                                        onError:
                                          description: OnError specifies how Velero
                                            should behave if it encounters an error
                                            executing this hook.
                                          enum:
                                          - Continue
                                          - Fail
                                          type: string
                                        timeout:
                                          description: Timeout defines the maximum
                                            amount of time Velero should wait for
                                            the hook to complete before considering
                                            the execution a failure.
                                          type: string
                                      required:
                                      - command
                                      type: object
                                  required:
                                  - exec
                                  type: object
                                type: array
                              pre:
                                description: PreHooks is a list of BackupResourceHooks
                                  to execute prior to storing the item in the backup.
                                  These are executed before any "additional items"
                                  from item actions are processed.
                                items:
                                  description: BackupResourceHook defines a hook for
                                    a resource.
                                  properties:
                                    exec:
                                      description: Exec defines an exec hook.
                                      properties:
                                        command:
                                          description: Command is the command and
                                            arguments to execute.
                                          items:
                                            type: string
                                          minItems: 1
                                          type: array
                                        container:
                                          description: Container is the container
                                            in the pod where the command should be
                                            executed. If not specified, the pod's
                                            first container is used.
                                          type: string
                                        onError:
                                          description: OnError specifies how Velero
                                            should behave if it encounters an error
                                            executing this hook.
                                          enum:
                                          - Continue
                                          - Fail
                                          type: string
                                        timeout:
                                          description: Timeout defines the maximum
                                            amount of time Velero should wait for
                                            the hook to complete before considering
                                            the execution a failure.
                                          type: string
                                      required:
                                      - command
                                      type: object
                                  required:
                                  - exec
                                  type: object
                                type: array
                            required:
                            - name
                            type: object
                          nullable: true
                          type: array
                      type: object
                    includeClusterResources:
                      description: IncludeClusterResources specifies whether cluster-scoped
                        resources should be included for consideration in the backup.
                      nullable: true
                      type: boolean
                    includedNamespaces:
                      description: IncludedNamespaces is a slice of namespace names
                        to include objects from. If empty, all namespaces are included.
                      items:
                        type: string
                      nullable: true
                      type: array
                    includedResources:
                      description: IncludedResources is a slice of resource names
                        to include in the backup. If empty, all resources are included.
                      items:
                        type: string
                      nullable: true
                      type: array
                    labelSelector:
                      description: LabelSelector is a metav1.LabelSelector to filter
                        with when adding individual objects to the backup. If empty
                        or nil, all objects are included. Optional.
                      nullable: true
                      properties:
                        matchExpressions:
                          description: matchExpressions is a list of label selector
                            requirements. The requirements are ANDed.
                          items:
                            description: A label selector requirement is a selector
                              that contains values, a key, and an operator that relates
                              the key and values.
                            properties:
                              key:
                                description: key is the label key that the selector
                                  applies to.
                                type: string
                              operator:
                                description: operator represents a key's relationship
                                  to a set of values. Valid operators are In, NotIn,
                                  Exists and DoesNotExist.
                                type: string
                              values:
                                description: values is an array of string values.
                                  If the operator is In or NotIn, the values array
                                  must be non-empty. If the operator is Exists or
                                  DoesNotExist, the values array must be empty. This
                                  array is replaced during a strategic merge patch.
                                items:
                                  type: string
                                type: array
                            required:
                            - key
                            - operator
                            type: object
                          type: array
                        matchLabels:
                          additionalProperties:
                            type: string
                          description: matchLabels is a map of {key,value} pairs.
                            A single {key,value} in the matchLabels map is equivalent
                            to an element of matchExpressions, whose key field is
                            "key", the operator is "In", and the values array contains
                            only "value". The requirements are ANDed.
                          type: object
                      type: object
                    metadata:
                      properties:
                        labels:
                          additionalProperties:
                            type: string
                          type: object
                      type: object
                    orLabelSelectors:
                      description: OrLabelSelectors is list of metav1.LabelSelector
                        to filter with when adding individual objects to the backup.
                        If multiple provided they will be joined by the OR operator.
                        LabelSelector as well as OrLabelSelectors cannot co-exist
                        in backup request, only one of them can be used.
                      items:
                        description: A label selector is a label query over a set
                          of resources. The result of matchLabels and matchExpressions
                          are ANDed. An empty label selector matches all objects.
                          A null label selector matches no objects.
                        properties:
                          matchExpressions:
                            description: matchExpressions is a list of label selector
                              requirements. The requirements are ANDed.
                            items:
                              description: A label selector requirement is a selector
                                that contains values, a key, and an operator that
                                relates the key and values.
                              properties:
                                key:
                                  description: key is the label key that the selector
                                    applies to.
                                  type: string
                                operator:
                                  description: operator represents a key's relationship
                                    to a set of values. Valid operators are In, NotIn,
                                    Exists and DoesNotExist.
                                  type: string
                                values:
                                  description: values is an array of string values.
                                    If the operator is In or NotIn, the values array
                                    must be non-empty. If the operator is Exists or
                                    DoesNotExist, the values array must be empty.
                                    This array is replaced during a strategic merge
                                    patch.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - key
                              - operator
                              type: object
                            type: array
                          matchLabels:
                            additionalProperties:
                              type: string
                            description: matchLabels is a map of {key,value} pairs.
                              A single {key,value} in the matchLabels map is equivalent
                              to an element of matchExpressions, whose key field is
                              "key", the operator is "In", and the values array contains
                              only "value". The requirements are ANDed.
                            type: object
                        type: object
                      nullable: true
                      type: array
                    orderedResources:
                      additionalProperties:
                        type: string
                      description: OrderedResources specifies the backup order of
                        resources of specific Kind. The map key is the Kind name and
                        value is a list of resource names separated by commas. Each
                        resource name has format "namespace/resourcename".  For cluster
                        resources, simply use "resourcename".
                      nullable: true
                      type: object
                    snapshotVolumes:
                      description: SnapshotVolumes specifies whether to take cloud
                        snapshots of any PV's referenced in the set of objects included
                        in the Backup.
                      nullable: true
                      type: boolean
                    storageLocation:
                      description: StorageLocation is a string containing the name
                        of a BackupStorageLocation where the backup should be stored.
                      type: string
                    ttl:
                      description: TTL is a time.Duration-parseable string describing
                        how long the Backup should be retained for.
                      type: string
                    volumeSnapshotLocations:
                      description: VolumeSnapshotLocations is a list containing names
                        of VolumeSnapshotLocations associated with this backup.
                      items:
                        type: string
                      type: array
                  type: object
                useOwnerReferencesInBackup:
                  description: UseOwnerReferencesBackup specifies whether to use OwnerReferences
                    on backups created by this Schedule.
                  nullable: true
                  type: boolean
              required:
              - schedule
              - template
              type: object
            status:
              description: ScheduleStatus captures the current state of a Velero schedule
              properties:
                lastBackup:
                  description: LastBackup is the last time a Backup was run for this
                    Schedule schedule
                  format: date-time
                  nullable: true
                  type: string
                phase:
                  description: Phase is the current phase of the Schedule
                  enum:
                  - New
                  - Enabled
                  - FailedValidation
                  type: string
                validationErrors:
                  description: ValidationErrors is a slice of all validation errors
                    (if applicable)
                  items:
                    type: string
                  type: array
              type: object
          type: object
      served: true
      storage: true
      subresources: {}
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: serverstatusrequests.velero.io
  spec:
    group: velero.io
    names:
      kind: ServerStatusRequest
      listKind: ServerStatusRequestList
      plural: serverstatusrequests
      shortNames:
      - ssr
      singular: serverstatusrequest
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: ServerStatusRequest is a request to access current status information
            about the Velero server.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: ServerStatusRequestSpec is the specification for a ServerStatusRequest.
              type: object
            status:
              description: ServerStatusRequestStatus is the current status of a ServerStatusRequest.
              properties:
                phase:
                  description: Phase is the current lifecycle phase of the ServerStatusRequest.
                  enum:
                  - New
                  - Processed
                  type: string
                plugins:
                  description: Plugins list information about the plugins running
                    on the Velero server
                  items:
                    description: PluginInfo contains attributes of a Velero plugin
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                    required:
                    - kind
                    - name
                    type: object
                  nullable: true
                  type: array
                processedTimestamp:
                  description: ProcessedTimestamp is when the ServerStatusRequest
                    was processed by the ServerStatusRequestController.
                  format: date-time
                  nullable: true
                  type: string
                serverVersion:
                  description: ServerVersion is the Velero server version.
                  type: string
              type: object
          type: object
      served: true
      storage: true
- apiVersion: apiextensions.k8s.io/v1
  kind: CustomResourceDefinition
  metadata:
    annotations:
      controller-gen.kubebuilder.io/version: v0.7.0
    creationTimestamp: null
    labels:
      component: velero
    name: volumesnapshotlocations.velero.io
  spec:
    group: velero.io
    names:
      kind: VolumeSnapshotLocation
      listKind: VolumeSnapshotLocationList
      plural: volumesnapshotlocations
      singular: volumesnapshotlocation
    scope: Namespaced
    versions:
    - name: v1
      schema:
        openAPIV3Schema:
          description: VolumeSnapshotLocation is a location where Velero stores volume
            snapshots.
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the latest
                internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource
                this object represents. Servers may infer this from the endpoint the
                client submits requests to. Cannot be updated. In CamelCase. More
                info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: VolumeSnapshotLocationSpec defines the specification for
                a Velero VolumeSnapshotLocation.
              properties:
                config:
                  additionalProperties:
                    type: string
                  description: Config is for provider-specific configuration fields.
                  type: object
                provider:
                  description: Provider is the provider of the volume storage.
                  type: string
              required:
              - provider
              type: object
            status:
              description: VolumeSnapshotLocationStatus describes the current status
                of a Velero VolumeSnapshotLocation.
              properties:
                phase:
                  description: VolumeSnapshotLocationPhase is the lifecycle phase
                    of a Velero VolumeSnapshotLocation.
                  enum:
                  - Available
                  - Unavailable
                  type: string
              type: object
          type: object
      served: true
      storage: true
- apiVersion: v1
  kind: Namespace
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  spec: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: velero
    namespace: velero
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
- apiVersion: v1
  data:
    cloud: W2RlZmF1bHRdCmF3c19hY2Nlc3Nfa2V5X2lkPW1pbmlvYWRtaW4KYXdzX3NlY3JldF9hY2Nlc3Nfa2V5PW1pbmlvYWRtaW4K
  kind: Secret
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: cloud-credentials
    namespace: velero
  type: Opaque
- apiVersion: velero.io/v1
  kind: BackupStorageLocation
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: default
    namespace: velero
  spec:
    config:
      region: minio
      s3ForcePathStyle: "true"
      s3Url: http://192.168.123.11:39111
    default: true
    objectStorage:
      bucket: velero
    provider: aws
- apiVersion: apps/v1
  kind: Deployment
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: velero
    namespace: velero
  spec:
    selector:
      matchLabels:
        deploy: velero
    strategy: {}
    template:
      metadata:
        annotations:
          prometheus.io/path: /metrics
          prometheus.io/port: "8085"
          prometheus.io/scrape: "true"
        creationTimestamp: null
        labels:
          component: velero
          deploy: velero
      spec:
        containers:
        - args:
          - server
          - --features=
          command:
          - /velero
          env:
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: LD_LIBRARY_PATH
            value: /plugins
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: velero
          ports:
          - containerPort: 8085
            name: metrics
          resources:
            limits:
              cpu: "1"
              memory: 512Mi
            requests:
              cpu: 500m
              memory: 128Mi
          volumeMounts:
          - mountPath: /plugins
            name: plugins
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        initContainers:
        - image: velero/velero-plugin-for-aws:v1.5.0
          imagePullPolicy: IfNotPresent
          name: velero-velero-plugin-for-aws
          resources: {}
          volumeMounts:
          - mountPath: /target
            name: plugins
        restartPolicy: Always
        serviceAccountName: velero
        volumes:
        - emptyDir: {}
          name: plugins
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
- apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    creationTimestamp: null
    labels:
      component: velero
    name: restic
    namespace: velero
  spec:
    selector:
      matchLabels:
        name: restic
    template:
      metadata:
        creationTimestamp: null
        labels:
          component: velero
          name: restic
      spec:
        containers:
        - args:
          - restic
          - server
          - --features=
          command:
          - /velero
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: VELERO_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: VELERO_SCRATCH_DIR
            value: /scratch
          - name: GOOGLE_APPLICATION_CREDENTIALS
            value: /credentials/cloud
          - name: AWS_SHARED_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: AZURE_CREDENTIALS_FILE
            value: /credentials/cloud
          - name: ALIBABA_CLOUD_CREDENTIALS_FILE
            value: /credentials/cloud
          image: velero/velero:v1.9.4
          imagePullPolicy: IfNotPresent
          name: restic
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 500m
              memory: 512Mi
          volumeMounts:
          - mountPath: /host_pods
            mountPropagation: HostToContainer
            name: host-pods
          - mountPath: /scratch
            name: scratch
          - mountPath: /credentials
            name: cloud-credentials
        securityContext:
          runAsUser: 0
        serviceAccountName: velero
        volumes:
        - hostPath:
            path: /var/lib/kubelet/pods
          name: host-pods
        - emptyDir: {}
          name: scratch
        - name: cloud-credentials
          secret:
            secretName: cloud-credentials
    updateStrategy: {}
kind: List

apply以上的部署清单文件,很快的就可以安装完毕了,查看如下pod,正常运行表示安装完毕:

bash 复制代码
[root@node4 ~]# k get po -n velero 
NAME                     READY   STATUS    RESTARTS   AGE
restic-2wkqs             1/1     Running   0          5h54m
restic-kw2wl             1/1     Running   0          5h54m
restic-qv6rn             1/1     Running   0          5h54m
restic-ssfrg             1/1     Running   0          5h54m
velero-fbb9469f6-vf4z5   1/1     Running   0          5h54m

四,

kubernetes集群全量资源备份

bash 复制代码
[root@node4 ~]# v backup create test
Backup request "test" submitted successfully.
Run `velero backup describe test` or `velero backup logs test` for more details.

查看是否备份成功(只有complete是成功的,其它的备份是不可用的):

bash 复制代码
NAME   STATUS      ERRORS   WARNINGS   CREATED                         EXPIRES   STORAGE LOCATION   SELECTOR
test   Completed   0        0          2023-12-30 20:31:18 +0800 CST   29d       default            <none>

查看备份详情:

详情里说了所有资源都备份,总共备份了487个单位

bash 复制代码
[root@node4 ~]# v backup describe test
Name:         test
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/source-cluster-k8s-gitversion=v1.23.16
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=23

Phase:  Completed

Errors:    0
Warnings:  0

Namespaces:
  Included:  *
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2023-12-30 20:31:18 +0800 CST
Completed:  2023-12-30 20:31:28 +0800 CST

Expiration:  2024-01-29 20:31:18 +0800 CST

Total items to be backed up:  487
Items backed up:              487

Velero-Native Snapshots: <none included>

从minio下载下来的备份文件,里面都是JSON格式的

恢复:

计划恢复的目标是下面的这些

bash 复制代码
[root@node4 nginx-app]# k get po -n nginx-example 
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c844b66c8-7rrz8   1/1     Running   0          81s
nginx-deployment-5c844b66c8-szbg4   1/1     Running   0          81s

现在先删除nginx-example这个命名空间:

bash 复制代码
[root@node4 nginx-app]# k delete ns nginx-example 
namespace "nginx-example" deleted

开始恢复:

bash 复制代码
[root@node4 nginx-app]# v restore create --from-backup=test
Restore request "test-20231230204606" submitted successfully.
Run `velero restore describe test-20231230204606` or `velero restore logs test-20231230204606` for more details.

查看恢复状态:

可以看到,在执行恢复,稍等片刻

bash 复制代码
[root@node4 nginx-app]# v restore get
NAME                  BACKUP   STATUS       STARTED                         COMPLETED   ERRORS   WARNINGS   CREATED                         SELECTOR
test-20231230204606   test     InProgress   2023-12-30 20:46:06 +0800 CST   <nil>       0        0          2023-12-30 20:46:06 +0800 CST   <none>
bash 复制代码
[root@node4 nginx-app]# v restore get
NAME                  BACKUP   STATUS      STARTED                         COMPLETED                       ERRORS   WARNINGS   CREATED                         SELECTOR
test-20231230204606   test     Completed   2023-12-30 20:46:06 +0800 CST   2023-12-30 20:46:52 +0800 CST   0        65         2023-12-30 20:46:06 +0800 CST   <none>

查看恢复日志,没有输出表示恢复正常:

bash 复制代码
[root@node4 nginx-app]# v restore logs test-20231230204606 |grep error

说明:velero的恢复策略是目标资源存在将会跳过,恢复的时候不会检查image版本等等过于细节的地方,也就是说不会覆盖回退,只有删除回退。

查看日志我们应该可以得出这个比较明显的结论:

bash 复制代码
[root@node4 nginx-app]# v restore logs test-20231230205200 |grep skip
time="2023-12-30T12:52:07Z" level=info msg="Restore of StorageClass, local-storage skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolume, minio skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of PersistentVolumeClaim, data-minio-0 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-24xhh skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-sj6wz skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, default-token-xzlz5 skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200
time="2023-12-30T12:52:07Z" level=info msg="Restore of Secret, attachdetach-controller-token-fbrwk skipped: it already exists in the cluster and is the same as the backed up version" logSource="pkg/restore/restore.go:1382" restore=velero/test-20231230205200

五,

velero的部分资源备份和恢复:

单独备份指定的namespace

bash 复制代码
[root@node4 nginx-app]# v backup create test1 --include-namespaces=nginx-example
Backup request "test1" submitted successfully.
Run `velero backup describe test1` or `velero backup logs test1` for more details.

查看备份详情:

bash 复制代码
[root@node4 nginx-app]# v backup describe test1
Name:         test1
Namespace:    velero
Labels:       velero.io/storage-location=default
Annotations:  velero.io/source-cluster-k8s-gitversion=v1.23.16
              velero.io/source-cluster-k8s-major-version=1
              velero.io/source-cluster-k8s-minor-version=23

Phase:  Completed

Errors:    0
Warnings:  0

Namespaces:
  Included:  nginx-example
  Excluded:  <none>

Resources:
  Included:        *
  Excluded:        <none>
  Cluster-scoped:  auto

Label selector:  <none>

Storage Location:  default

Velero-Native Snapshot PVs:  auto

TTL:  720h0m0s

Hooks:  <none>

Backup Format Version:  1.1.0

Started:    2023-12-30 21:25:02 +0800 CST
Completed:  2023-12-30 21:25:04 +0800 CST

Expiration:  2024-01-29 21:25:02 +0800 CST

Total items to be backed up:  23
Items backed up:              23

Velero-Native Snapshots: <none included>

使用此备份恢复,并查看恢复情况:

bash 复制代码
[root@node4 nginx-app]# k delete ns nginx-example 
namespace "nginx-example" deleted
[root@node4 nginx-app]# v restore create --from-backup=test1
Restore request "test1-20231230212744" submitted successfully.
Run `velero restore describe test1-20231230212744` or `velero restore logs test1-20231230212744` for more details.
[root@node4 nginx-app]# k get po -n nginx-example 
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c844b66c8-7rrz8   1/1     Running   0          4s
nginx-deployment-5c844b66c8-szbg4   1/1     Running   0          4s

这个备份恢复迁移到其它namespace nginx1:

bash 复制代码
[root@node4 nginx-app]# v restore create --from-backup=test1 --namespace-mappings nginx-example:nginx1
Restore request "test1-20231230220044" submitted successfully.
Run `velero restore describe test1-20231230220044` or `velero restore logs test1-20231230220044` for more details.
[root@node4 nginx-app]# v restore get
NAME                   BACKUP   STATUS      STARTED                         COMPLETED                       ERRORS   WARNINGS   CREATED                         SELECTOR
test-20231230204606    test     Completed   2023-12-30 20:46:06 +0800 CST   2023-12-30 20:46:52 +0800 CST   0        65         2023-12-30 20:46:06 +0800 CST   <none>
test-20231230205200    test     Completed   2023-12-30 20:52:00 +0800 CST   2023-12-30 20:52:52 +0800 CST   0        65         2023-12-30 20:52:00 +0800 CST   <none>
test-20231230212059    test     Completed   2023-12-30 21:20:59 +0800 CST   2023-12-30 21:21:46 +0800 CST   0        67         2023-12-30 21:20:59 +0800 CST   <none>
test1-20231230212744   test1    Completed   2023-12-30 21:27:44 +0800 CST   2023-12-30 21:27:50 +0800 CST   0        1          2023-12-30 21:27:44 +0800 CST   <none>
test1-20231230220044   test1    Completed   2023-12-30 22:00:44 +0800 CST   2023-12-30 22:00:50 +0800 CST   0        1          2023-12-30 22:00:44 +0800 CST   <none>
[root@node4 nginx-app]# k get po -n nginx1
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-5c844b66c8-7rrz8   1/1     Running   0          22s
nginx-deployment-5c844b66c8-szbg4   1/1     Running   0          22s

当然了,全备的test里也可以抽namespace出来恢复:

bash 复制代码
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings nginx-example:nginx3
Restore request "test-20231230220230" submitted successfully.
Run `velero restore describe test-20231230220230` or `velero restore logs test-20231230220230` for more details.
bash 复制代码
[root@node4 nginx-app]# v restore create --from-backup=test --namespace-mappings kube-system:nginx3
Restore request "test-20231230220613" submitted successfully.
Run `velero restore describe test-20231230220613` or `velero restore logs test-20231230220613` for more details.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
No resources found in nginx3 namespace.
[root@node4 nginx-app]# k get po -n nginx3
NAME                                       READY   STATUS              RESTARTS   AGE
calico-kube-controllers-84897d7cdf-crnmk   0/1     ContainerCreating   0          1s
calico-node-2m7hp                          0/1     Init:0/2            0          1s
calico-node-5ztjk                          0/1     Init:0/2            0          1s
calico-node-96dmb                          0/1     Init:0/2            0          1s
calico-node-rqp2p                          0/1     Init:0/2            0          0s
coredns-b7c47bcdc-6vdk2                    0/1     ContainerCreating   0          0s
coredns-b7c47bcdc-db9cp                    0/1     ContainerCreating   0          0s
kube-proxy-649mn                           0/1     Pending             0          0s
kube-proxy-7q7ts                           0/1     ContainerCreating   0          0s
kube-proxy-dmd7v                           0/1     Pending             0          0s

单独的pod备份就不需要使用velero了,直接kubectl get deploy -n namespace -oyaml 就可以了

注意:velero restore 恢复不会覆盖已有的资源,只恢复当前集群中不存在的资源。已有的资源不会回滚到之前的版本,如需要回滚,需在restore之前提前删除现有的资源。

--include-resources
备份集群中的所有 deployments:

velero backup create <backup-name> --include-resources deployments
恢复集群中的所有 deployments 和 configmaps。

velero restore create <backup-name> --include-resources deployments,configmaps
在 namespace 中备份 deployments。

velero backup create <backup-name> --include-resources deployments --include-namespaces <namespace>

--selector
包括与 label selector 匹配的资源。

velero backup create <backup-name> --selector <key>=<value>
Excludes
从备份中排除特定资源。

通配符排除将被忽略。

--exclude-namespaces
Exclude kube-system from the cluster backup.

velero backup create <backup-name> --exclude-namespaces kube-system
还原期间排除两个 namespace。

velero restore create <backup-name> --exclude-namespaces <namespace1>,<namespace2>
--exclude-resources
从备份中排除 secrets:

velero backup create <backup-name> --exclude-resources secrets
排除 secrets 和 rolebindings:

velero backup create <backup-name> --exclude-resources secrets,rolebindings




自动计划备份:

这里说明一下,ttl过期时间可以免去一些备份文件的管理工作,当然普通的备份也可以指定这个过期时间

bash 复制代码
# 每日1点进行备份
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *"
# 每日1点进行备份,备份保留72小时
velero create schedule <SCHEDULE NAME> --schedule="0 1 * * *" --ttl 72h
# 每5小时进行一次备份
velero create schedule <SCHEDULE NAME> --schedule="@every 5h"
# 每日对 指定 namespace 进行一次备份 (如dev)
velero create schedule <SCHEDULE NAME> --schedule="@every 24h" --include-namespaces dev


[root@node4 nginx-app]# v create schedule test --schedule="0 0 * * *" --ttl=72h
Schedule "test" created successfully.
[root@node4 nginx-app]# v schedule get
NAME   STATUS    CREATED                         SCHEDULE    BACKUP TTL   LAST BACKUP   SELECTOR
test   Enabled   2023-12-30 22:29:11 +0800 CST   0 0 * * *   72h0m0s      n/a           <none>
相关推荐
AI街潜水的八角8 分钟前
基于C++的决策树C4.5机器学习算法(不调包)
c++·算法·决策树·机器学习
白榆maple33 分钟前
(蓝桥杯C/C++)——基础算法(下)
算法
JSU_曾是此间年少37 分钟前
数据结构——线性表与链表
数据结构·c++·算法
€☞扫地僧☜€1 小时前
docker 拉取MySQL8.0镜像以及安装
运维·数据库·docker·容器
其乐无涯1 小时前
服务器技术(一)--Linux基础入门
linux·运维·服务器
Diamond技术流1 小时前
从0开始学习Linux——网络配置
linux·运维·网络·学习·安全·centos
写bug的小屁孩1 小时前
前后端交互接口(三)
运维·服务器·数据库·windows·用户界面·qt6.3
斑布斑布1 小时前
【linux学习2】linux基本命令行操作总结
linux·运维·服务器·学习
紅色彼岸花1 小时前
第六章:DNS域名解析服务器
运维·服务器
Spring_java_gg2 小时前
如何抵御 Linux 服务器黑客威胁和攻击
linux·服务器·网络·安全·web安全