AllowOvercommit indicates if we should allow over commit memory for UVM.

BootFilesRootPath indicates the path to find the LCOW boot files to use when creating the UVM.

ContainerGPUCapabilities is used to find the gpu capabilities on the container spec.

ContainerMemorySizeInMB overrides the container memory size set via the OCI spec.

ContainerProcessDumpLocation specifies a path inside of containers to save process dumps to.

ContainerProcessorCount overrides the container processor count set via the OCI spec.

ContainerProcessorLimit overrides the container processor limit set via the OCI spec.

ContainerProcessorWeight overrides the container processor weight set via the OCI spec.

ContainerStorageQoSBandwidthMaximum overrides the container storage bandwidth per second set via the OCI spec.

ContainerStorageQoSIopsMaximum overrides the container storage maximum iops set via the OCI spec.

CPUGroupID specifies the cpugroup ID that a UVM should be assigned to, if any.

DeviceExtensions contains a comma separated list of full paths to device extension files.

DisableCompartmentNamespace sets whether to disable namespacing the network compartment in the UVM for WCOW.

DisableHostProcessContainer disables the ability to start a host process container (job container in this repository).

DisableLCOWTimeSyncService is used to disable the chronyd time synchronization service inside the LCOW UVM.

DisableUnsafeOperations disables several unsafe operations, such as writable file share mounts, for hostile multi-tenant environments.

DisableWritableFileShares disables adding any writable fileshares to the UVM.

DmVerityCreateArgs specifies the `dm-mod.create` parameters to kernel and enables integrity protection of the rootfs.

DmVerityMode specifies whether the rootfs is expected to be presented as a standalone SCSI attachment, in which case the UVM boots with dm-verity.

DmVerityRootFsVhd specifies the path of the VHD (with embedded dmverity data) file to use if required.

DumpDirectoryPath provides a path to the directory in which dumps for a UVM will be collected in case the UVM crashes.

EnableColdDiscardHint indicates whether to enable cold discard hint, which allows the UVM to trim non-zeroed pages from the working set (if supported by the guest operating system).

EnableDeferredCommit indicates if we should allow deferred memory commit for UVM.

EncryptedScratchDisk indicates whether or not the container scratch disks should be encrypted or not.

FullyPhysicallyBacked indicates that the UVM should use physically backed memory only, including for additional devices added later.

GPUVHDPath overrides the default path to search for the gpu vhd.

GuestStateFile specifies the path of the vmgs file to use if required.

HclEnabled specifies whether to enable the host compatibility layer.

HostAMDCertificate specifies the filename of the AMD certificates to be passed to UVM.

HostProcessContainer indicates to launch a host process container (job container in this repository).

HostProcessInheritUser indicates whether to ignore the username passed in to run a host process container as and instead inherit the user token from the executable that is launching the container process.

HostProcessRootfsLocation indicates where the rootfs for a host process container should be located.

KernelBootOptions is used to specify kernel options used while booting a linux kernel.

KernelDirectBoot indicates that we should skip UEFI and boot directly to `kernel`.

KubernetesContainerType is the annotation used by CRI to define the `ContainerType`.

KubernetesSandboxID is the annotation used by CRI to define the KubernetesContainerType == "sandbox"` ID.

LCOWDevShmSizeInKb specifies the size of LCOW /dev/shm.

LCOWPrivileged is used to specify that the container should be run in privileged mode.

MemoryHighMMIOBaseInMB indicates the high MMIO base in MB.

MemoryHighMMIOGapInMB indicates the high MMIO gap in MB.

MemoryLowMMIOGapInMB indicates the low MMIO gap in MB.

MemorySizeInMB overrides the container memory size set via the OCI spec.

NcproxyContainerID indicates whether or not to use the hcsshim container ID when setting up ncproxy and computeagent.

NetworkConfigProxy holds the address of the network config proxy service.

NoInheritHostTimezone specifies for the hosts timezone to not be inherited by the WCOW UVM.

NoSecurityHardware allows us, when it is set to true, to do testing and development without requiring SNP hardware.

NumaCountOfMemoryBlocks is an integer slice representing the number of memory blocks assigned to vNUMA nodes.

NumaCountOfProcessors is an integer slice representing the processor count for vNUMA.

NumaMappedPhysicalNodes is an integer slice representing pNUMA to vNUMA mapping.

NumaMaximumProcessorsPerNode is the maximum number of processors per vNUMA node.

NumaMaximumSizePerNode is the maximum size per vNUMA node.

NumaPreferredPhysicalNodes is an integer slice representing the preferred physical NUMA nodes.

PreferredRootFSType indicates what the preferred rootfs type should be for an LCOW UVM.

ProcessorCount overrides the hypervisor isolated vCPU count set via the OCI spec.

ProcessorLimit overrides the hypervisor isolated vCPU limit set via the OCI spec.

ProcessorWeight overrides the hypervisor isolated vCPU weight set via the OCI spec.

RLimitCore specifies the core rlimit value for a container.

SecurityPolicy is used to specify a security policy for opengcs to enforce.

SecurityPolicyEnforcer is used to specify which enforcer to initialize (open-door, standard or rego).

StorageQoSBandwidthMaximum indicates the maximum number of bytes per second.

StorageQoSIopsMaximum indicates the maximum number of Iops.

UVMReferenceInfoFile specifies the filename of a signed UVM reference file to be passed to UVM.

UVMSecurityPolicyEnv specifies if confidential containers' related information should be written to containers' rootfs.

VirtualMachineKernelDrivers indicates what drivers to install in the pod.

VPCIEnabled indicates that pci support should be enabled for the LCOW UVM.

VPMemCount indicates the max number of vpmem devices that can be used on the UVM.

VPMemNoMultiMapping indicates that we should disable LCOW vpmem layer multi mapping.

VPMemSize indicates the size of the VPMem devices.

VSMBNoDirectMap specifies that no direct mapping should be used for any VSMBs added to the UVM.

WCOWDisableGMSA disables providing gMSA (Group Managed Service Accounts) to a WCOW container.

WCOWProcessDumpCount specifies the maximum number of dumps to be collected in the specified ContainerProcessDumpLocation path.

WCOWProcessDumpType specifies the type of dump to create when generating a local user mode process dump for Windows containers.

AnnotationExpansions maps annotations that will be expanded into an array of other annotations.